Reverse shell botnet Gitpaste-12 spreads via GitHub and Pastebin

[correlate]

A newly discovered worm and botnet named Gitpaste-12 lives on GitHub and also uses Pastebin to host malicious code.

The advanced malware comes equipped with reverse shell and crypto-mining capabilities and exploits over 12 known vulnerabilities, therefore the moniker.
 

[correlate]

This post is a rather unusual story of a vulnerability that could be leveraged as a supply chain attack and used to attack millions of software developers around the world. It is also a tale of a bug collision that paid a bounty to one reporter and assigned the CVE to another!

The main focus of this blog post is GitHub Desktop. Other Git clients such as GitKraken, Git-Tower and SourceTree were also found to be vulnerable; however, these have different exploitation scenarios that require user interaction.
 

silversurfer

Researchers at Juniper Threat Labs observed the second iteration of Gitpaste-12 on November 10th 2020, present on a different GitHub repository.
Expanding on its predecessor, this new version of Gitpaste-12 comes equipped with over 30 vulnerability exploits, concerning Linux systems, IoT devices, and open-source components.
Initially, the researchers observed the new GitHub repository containing just 3 files.
"The wave of attacks used payloads from yet another GitHub repository, which contained a Linux cryptominer ('ls'), a list of passwords for brute-force attempts ('pass') and a statically linked Python 3.9 interpreter of unknown provenance," explains Asher Langton, a researcher at Juniper Threat Labs. [...]
The complete research findings and a list of Gitpaste-12 Indicators of Compromise (IOCs) can be found in Juniper Threat Labs' blog post.
 
