A new form of malware that targets Linux servers and Internet of Things (IoT) devices and adds them to a botnet has been discovered by security researchers at Juniper Threat Labs. Although the motive of the attack is not clear, it is thought to be the first stage of a hacking campaign targeting cloud-computing infrastructure.
The malware, which has been dubbed Gitpaste-12 because it uses GitHub and Pastebin to host its component code, has 12 different means of compromising Linux-based x86 servers, as well as Linux ARM- and MIPS-based IoT devices.
These include 11 known vulnerabilities in technology including Asus, Huawei and Netlink routers, as well as MongoDB and Apache Struts, plus the ability to compromise systems through brute-force attacks that guess default or common usernames and passwords.
Once a system is compromised through one of these vulnerabilities, Gitpaste-12 downloads scripts from Pastebin that provide commands before it downloads further instructions.
The malware tries to switch off defenses including firewalls and monitoring software that would respond to malicious activity.
Gitpaste-12 also includes commands to disable cloud security services of major Chinese infrastructure providers including Alibaba Cloud and Tencent.
The malware currently has the capability to run cryptomining, meaning the attackers can abuse the computing power of any compromised system to mine Monero cryptocurrency.
It also acts as a worm, using compromised machines to launch scripts against other vulnerable devices on the same or connected networks in order to replicate and spread.
The Pastebin URL and GitHub repository that were used to provide instructions to the malware were shut down after being reported by the researchers. However, the researchers also note that Gitpaste-12 is still under development.
It is still possible to protect against Gitpaste-12 by cutting off the main way in which it spreads: applying the security patches for the known vulnerabilities it exploits.
Users are also advised not to use default passwords on IoT devices, as this helps protect against brute-force attacks.
Image credits: Kratikal