A new form of malware is targeting Linux servers and Internet of Things (IoT) devices and adding them to a botnet. According to Juniper Threat Labs, this is the first stage of a hacking campaign targeting cloud computing infrastructure.
The malware is a worm discovered by researchers at Juniper Threat Labs and is called Gitpaste-12. It was given this name because it uses GitHub and Pastebin to host its code and because it has 12 different means of compromising Linux-based x86 servers, as well as Linux ARM- and MIPS-based IoT devices.
These means of compromise include exploiting 11 known vulnerabilities in Asus, Huawei and Netlink routers, MongoDB and Apache Struts. In addition, devices can be compromised through brute-force attacks that "break" default or common credentials.
After exploiting one of these vulnerabilities, Gitpaste-12 downloads scripts from Pastebin that supply commands, and then retrieves further instructions from a GitHub repository.
The Gitpaste-12 worm tries to disable system defenses, such as firewalls and monitoring software, that would otherwise respond to the threat.
Additionally, the new malware contains commands to disable the cloud security services of major Chinese companies, including Alibaba Cloud and Tencent. This means that recruitment into the botnet may be the first step of a larger hacking campaign. However, the ultimate purpose of the attack is unknown.
According to the security researchers, the malware can also run cryptomining, allowing the attackers to steal Monero cryptocurrency.
In addition, as noted above, the botnet works as a worm, using compromised computers to run malicious scripts on other devices on the same or connected networks. In this way, the malware spreads.
"No malware is good, but worms are very annoying," said the researchers. Worms can spread throughout an organization's network and infect many devices.
The Pastebin URL and GitHub repository used to deliver instructions to the malware were shut down after the researchers' disclosure. This means that, at the moment, users are not at risk from the botnet. However, the researchers believe that the attackers are continuing to develop Gitpaste-12, so it is very likely to return.
To stay safe from this or similar attacks, apply all security updates that fix known and critical vulnerabilities. In addition, avoid using default passwords on IoT devices to prevent brute-force and other attacks.