Juniper Networks: Gitpaste-12 is back with more exploits and targets. The malware, a worm, is hosted in a new GitHub repository. It attacks Windows, Linux, IoT devices and more.
The Gitpaste-12 malware is back with more exploits. It has been detected by cybersecurity experts at Juniper Networks' Juniper Threat Labs. The initial wave of attacks was last seen on October 27, when the GitHub repository hosting the bulk of the worm’s payloads was removed. On November 10, a new round started. The new attacks use payloads from another GitHub repository, which contained a Linux cryptominer (“ls”), a list of passwords for brute-force attempts (“pass”) and a statically linked Python 3.9 interpreter of unknown provenance. In addition, two more files were added: a configuration file for a Monero cryptomining program (“config.json”) and a UPX-packed local privilege escalation exploit for x86_64 Linux systems (“root_x86_64”). Moreover, the worm is now equipped with at least 31 vulnerability exploits, and it attempts to compromise open Android Debug Bridge connections and existing malware backdoors. The attacks target Windows and Linux systems, web applications, and IoT devices such as IP cameras, routers and more.