Reverse shell botnet Gitpaste-12 spreads via GitHub and Pastebin

[correlate]

[correlate]

Level 18
Thread author
Verified
Top Poster
Well-known
Forum Veteran
May 4, 2019
791
9,574
1,670
New York
Content source
https://www.bleepingcomputer.com/news/security/reverse-shell-botnet-gitpaste-12-spreads-via-github-and-pastebin/
A newly discovered worm and botnet named Gitpaste-12 lives on GitHub and also uses Pastebin to host malicious code.

The advanced malware comes equipped with reverse shell and crypto-mining capabilities and exploits over 12 known vulnerabilities, therefore the moniker.
Click to expand...
www.bleepingcomputer.com

Reverse shell botnet Gitpaste-12 spreads via GitHub and Pastebin

A newly discovered worm and botnet named Gitpaste-12 lives on GitHub and also uses Pastebin to host malicious code. The advanced malware comes equipped with reverse shell and crypto mining capabilities.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: SeriousHoax, Nevi, struppigel and 6 others
This post is a rather unusual story of a vulnerability that could be leveraged as a supply chain attack and used to attack millions of software developers around the world. It is also a tale of a bug collision that paid a bounty to one reporter and assigned the CVE to another!

The main focus of this blog post is GitHub Desktop. Other Git clients such as GitKraken, Git-Tower and SourceTree were also found to be vulnerable, however these have different exploitation scenarios that require user interaction.
Click to expand...
blog.blazeinfosec.com

Blaze Labs | Cybersecurity R&D - Blaze Information Security

Blaze Labs - cybersecurity research and development, technical publications and tools development.
blog.blazeinfosec.com blog.blazeinfosec.com
 
  • Like
Reactions: ForgottenSeer 85179, Gandalf_The_Grey, harlan4096 and 2 others
Researchers at Juniper Threat Labs observed the second iteration of Gitpaste-12 on November 10th 2020, present on a different GitHub repository.
Expanding on its predecessor, this new version of Gitpaste-12 comes equipped with over 30 vulnerability exploits, concerning Linux systems, IoT devices, and open-source components.
Initially, the researchers observed the new GitHub repository containing just 3 files.
"The wave of attacks used payloads from yet another GitHub repository, which contained a Linux cryptominer ('ls'), a list of passwords for brute-force attempts ('pass') and a statically linked Python 3.9 interpreter of unknown provenance," explains Asher Langton, a researcher at Juniper Threat Labs. [...]
Click to expand...
The complete research findings and a list of Gitpaste-12 Indicators of Compromise (IOCs) can be found in Juniper Threat Labs' blog post.
Click to expand...
www.bleepingcomputer.com

Gitpaste-12 worm botnet returns with 30+ vulnerability exploits

Recently discovered Gitpaste-12 worm that spreads via GitHub and also hosts malicious payload on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: SeriousHoax, upnorth, harlan4096 and 2 others
You must log in or register to reply here.

You may also like...