Gitpaste-12, a botnet worm that was first seen in October this year has now evolved with new features. As researchers detected, Gitpaste-12’s new iteration has tools to exploit 31 vulnerabilities, targeting Linux, IoT, and Android tools. Some of the exploits include open-source tools, and it’s reported to infect over 100 devices already.

New Botnet Worm Infecting Open-source Tools

Gitpaste-12 was named after the botnet worm spreading through GitHub repositories, and is using Pastebin to host its malicious payloads. This was first discovered in October this year, where it came with 12 known exploits.

And now, it’s reported to have come with 31 exploits, attacking Android and open-source tools, IoT, and Linux devices.

Gitpaste-12 Botnet Worm Workflow

As documented by the Juniper Threat Labs, this latest iteration of Gitpaste-12 found on a different GitHub repository with just three files initially. These included a Linux cryptocurrency miner, a passwords list for brute-force attack, and a Python 3.9 interpreter with an unknown cause.

Later, more exploits were added to the Gitpaste-12. These include a Linux exploit called UPX pack for privilege escalation and a configuration file as “config.json” for mining Monero cryptocurrency. Authors have been minting coins to the same Monero address as Gitpaste-12’s first iteration.

It’s said that Gitpaste-12 starts with downloading a payload from its repository and makes a backdoor and a cryptocurrency miner in the host machine. Later, it spreads further to infect the connected Android devices through Android Debug Bridge and IoT devices like routers and cameras.

Researchers listed out all the 31 exploits that Gitpaste-12 attacks on, and these include some open-source tools like mongo-express, CutePHP, FuelCMS, and JBoss Seam 2.

While it’s unknown how successful this new botnet worm is, since it uses untraceable Monero cryptocurrency, researchers said they had identified over 100 distinct hosts. While we see how Gitpaste-12 evolves, researchers have listed the IOCs, identifiers, and all 31 exploits. Check out;


Please enter your comment!
Please enter your name here