Botnet Operators Abusing Legit GitHub, Pastebin Resources

Researchers: ‘Gitpaste-12’ Botnet Mainly Targets Linux And IoT Devices

GitHub Page Hosting ‘Gitpaste-12’ malware before being taken down (Source: Juniper Threat Labs)

The operators behind a recently uncovered botnet dubbed “Gitpaste-12” are abusing legitimate services such as GitHub and Pastebin to help hide the malware’s malicious infrastructure, according to a report from Juniper Threat Labs.

The botnet, which was first uncovered in October but appears to have been activated in July, mainly targets vulnerable Linux applications as well as internet of things and other connected devices, according to Juniper. The researchers also note that the malware contains at least 12 separate attack modules to help it infect new endpoints and apps.

While the ultimate purpose of the botnet is not fully known, the Juniper analysis finds that Gitpaste-12 comes equipped with cryptomining capabilities and can specifically mine monero cryptocurrency.

It is the use of legitimate services such as Pastebin and GitHub, however, that stood out when the researchers first came across the botnet last month, according to the report.

By using Pastebin and GitHub, the malware can remain hidden from firewalls and proxies. This allows the operators to act stealthily while building the botnet and sending instructions through the command-and-control server, Juniper’s Alex Burt and Trevor Pott note in their report.
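Because the hosting domains are reputable, a defender cannot rely on blocking them by reputation and can instead look at which assets contact them and how. The following is an added example, not taken from the Juniper report or this article: it flags Linux-server and IoT assets that fetch from paste or code-hosting hosts with script user agents. The watched host list, agent prefixes, asset roles, inventory and log lines are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumptions for this sketch, to be tuned per environment:
WATCHED_HOSTS = {"pastebin.com", "github.com", "raw.githubusercontent.com"}
SCRIPT_AGENTS = ("curl/", "wget/", "python-requests/")  # non-browser fetchers
RESTRICTED_ROLES = {"iot", "linux-server"}  # no routine need for paste sites

# Constructed asset inventory and proxy log (timestamp, source, URL, user agent).
INVENTORY = {"10.0.5.20": "iot", "10.0.1.7": "linux-server",
             "10.0.9.33": "workstation"}
SAMPLE_LOG = """\
2020-11-05T10:00:01Z 10.0.5.20 https://pastebin.com/raw/EXAMPLE1 curl/7.64.0
2020-11-05T10:01:01Z 10.0.5.20 https://pastebin.com/raw/EXAMPLE1 curl/7.64.0
2020-11-05T10:02:10Z 10.0.1.7 https://raw.githubusercontent.com/example-user/example-repo/master/file.txt Wget/1.20
2020-11-05T10:03:00Z 10.0.9.33 https://github.com/example-org/project Mozilla/5.0
2020-11-05T10:04:00Z 10.0.1.7 https://updates.example.com/pkg.deb curl/7.64.0
"""


def find_suspect_fetches(log_text, inventory):
    """Count watched-host fetches made by restricted-role assets with script agents.

    Only the hostname is used, so the same logic works on CONNECT or SNI logs
    where TLS hides the path. Returns {source_ip: {host: request_count}}.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split(maxsplit=3)
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _ts, src, url, agent = fields
        host = (urlsplit(url).hostname or "").lower()
        if inventory.get(src) not in RESTRICTED_ROLES:
            continue  # workstations and unknown assets need a separate policy
        if host not in WATCHED_HOSTS:
            continue
        if not agent.lower().startswith(SCRIPT_AGENTS):
            continue
        hits[src][host] += 1
    return {src: dict(hosts) for src, hosts in hits.items()}


if __name__ == "__main__":
    for src, hosts in find_suspect_fetches(SAMPLE_LOG, INVENTORY).items():
        print(src, INVENTORY[src], hosts)
```

A user agent is trivially changed, so the asset-role condition is the stronger signal; the agent filter mainly reduces noise.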

Juniper has contacted…