New FreakOut Malware is Found Exploiting Vulnerable Linux Software

Gitpaste-12, a botnet worm that was first seen in October this year has now evolved with new features. As researchers detected, Gitpaste-12’s new iteration has tools to exploit 31 vulnerabilities, targeting Linux, IoT, and Android tools. Some of the exploits include open-source tools, and it’s reported to infect over 100 devices already.

New Botnet Worm Infecting Open-source Tools

Gitpaste-12 was named after the botnet worm spreading through GitHub repositories, and is using Pastebin to host its malicious payloads. This was first discovered in October this year, where it came with 12 known exploits.

And now, it’s reported to have come with 31 exploits, attacking Android and open-source tools, IoT, and Linux devices.

Gitpaste-12 Botnet Worm Workflow

As documented by the Juniper Threat Labs, this latest iteration of Gitpaste-12 found on a different GitHub repository with just three files initially. These included a Linux cryptocurrency miner, a passwords list for brute-force attack, and a Python 3.9 interpreter with an unknown cause.

Later, more exploits were added to the Gitpaste-12. These include a Linux exploit called UPX pack for privilege escalation and a configuration file as “config.json” for mining Monero cryptocurrency. Authors have been minting coins to the same Monero address as Gitpaste-12’s first iteration.

It’s said that Gitpaste-12 starts with downloading a payload from its repository and makes a backdoor and a cryptocurrency miner in the host machine. Later, it spreads further to infect the connected Android devices through Android Debug Bridge and IoT devices like routers and cameras.

Researchers listed out all the 31 exploits that Gitpaste-12 attacks on, and these include some open-source tools like mongo-express, CutePHP, FuelCMS, and JBoss Seam 2.

While it’s unknown how successful this new botnet worm is, since it uses untraceable Monero cryptocurrency, researchers said they had identified over 100 distinct hosts. While we see how Gitpaste-12 evolves, researchers have listed the IOCs, identifiers, and all 31 exploits. Check out;

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1871

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3313

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17215

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17562

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11511

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10758

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11447

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19509

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8816

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10987

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17463

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17496

https://www.exploit-db.com/exploits/37474

https://www.exploit-db.com/exploits/40500

https://www.exploit-db.com/exploits/45135

https://www.exploit-db.com/exploits/45161

https://www.exploit-db.com/exploits/46542

https://www.exploit-db.com/exploits/48225

https://www.exploit-db.com/exploits/48358

https://www.exploit-db.com/exploits/48676

https://www.exploit-db.com/exploits/48734

https://www.exploit-db.com/exploits/48737

https://www.exploit-db.com/exploits/48743

https://www.exploit-db.com/exploits/48751

https://www.exploit-db.com/exploits/48758

https://www.exploit-db.com/exploits/48771

https://www.exploit-db.com/exploits/48775

https://www.exploit-db.com/exploits/48805

https://www.exploit-db.com/exploits/48827

LEAVE A REPLY

Please enter your comment!
Please enter your name here