The Gitpaste-12 worm, which disseminates through GitHub and uses GitHub and Pastebin to host its malicious payloads, is active again with new exploits. Earlier found to be exploiting 12 vulnerabilities, the worm has increased that count and returned with exploits for over 30 vulnerabilities. It targets IoT devices, Linux systems, and open-source components.
First discovered in October, the worm was targeting Linux-based servers and IoT devices.
- Recent attacks used payloads hosted on a new GitHub repository, including a Linux-based cryptominer, a list of passwords for brute-force attacks, and a statically linked Python 3.9 interpreter.
- The recently acquired sample, named X10-unix, is a UPX-packed binary written in the Go programming language. This variant exploits 31 known vulnerabilities and is compiled for x86_64 Linux systems.
- A number of the targeted vulnerabilities are new, with some disclosed as recently as September, such as CVE-2020-17496 and CVE-2020-10987.
To propagate their malware, hackers have often been observed abusing vulnerabilities to gain access to a targeted network. The Gitpaste-12 malware was discovered last month, exploiting eleven previously disclosed vulnerabilities such as CVE-2017-5638, CVE-2013-5948, CVE-2020-10987, and more.
As long as new and updated malware keeps exploiting vulnerable IoT and smart devices, cybercriminals will continue to be a threat to organizations worldwide. Consequently, our in-house experts recommend using a sturdy antivirus solution with a reliable anti-malware feature like eScan. They further advise users to regularly update their operating system and applications, and to frequently update and patch every IoT device.