Gitpaste-12 worm botnet is back with new tricks

Gitpaste-12 is a recently discovered worm botnet, that was known to host malicious payload on Pastebin and was spreading using GitHub repositories. Its first iteration exploited 12 known vulnerabilities and had reverse shell and crypto-mining capabilities, however, the new iteration of Gitpaste-12 exploit over 30 vulnerabilities, targeting Linux and IoT devices. New Gitpaste-12 was observed in another GitHub repository which contained a Linux cryptominer ('ls'), a list of passwords for brute-force attempts ('pass') and a statically linked Python 3.9 interpreter of unknown provenance. Read more...