Sep 29, 2020 07:00:00

It is pointed out that the function added to the web service to improve security 'promotes malware development'

Two features have been added to

Pastebin , a web service that allows users to share a copy of text, to improve security to prevent malware and other exploits. However, some experts have criticized the newly added features as they could be beneficial to malware developers.

Pastebin adds'Burn After Read' and'Password Protected Pastes' to the dismay of the infosec community | ZDNet
https://www.zdnet.com/article/pastebin-adds-burn-after-read-and-password-protected-pastes-to-the-dismay-of-the-infosec-community/

One of the new features added to Pastebin, 'Burn After Read,' is that once you copy the content, it expires and becomes unusable. The other is a function called 'Password Protected Pastes' that allows you to create password-protected pages.

We're excited to announce 2 great new features for #Pastebin , we think you'll enjoy using them! In the interest of #security , the first is: Burn After Read, and the second is: Password Protected Pastes. Head on over to https://t.co/K5LoklQIn8 to check them out ????️ pic.twitter.com/rQGs5PsMC9

— Pastebin (@pastebin) September 25, 2020

In Pastebin, there have been cases in the past where text containing personal information was uploaded due to lack of user attention, and hackers cracked and abused it.

Bot 'Dump Monitor' that extracts passwords from posts on text sharing sites and tweets them --GIGAZINE

By Lorraine Murphy

Also, according to ZDNet, Pastebin has become the de facto hosting service for spreading malware in the last decade from 2020. For many years, malware developers have used Pastebin to store commands related to malware, hack data from others, and exploit Pastebin.

To combat Pastebin abuse by malware developers, cybersecurity companies have been developing tools for many years to collect data from Pastebin and search for malicious content from uploaded data. Malicious content discovered by cybersecurity companies has been collected in a database and removed from Pastebin.

Incident Response Consultant Ted Samuels told ZDNet, 'It's hard to figure out the role of Pastebin in malware operations, but it's not uncommon for services like Pastebin to be abused. No. Pastebin is quite popular as a service for operating (PDF file) fileless attacks using PowerShell . '

However, regarding the new features added to Pastebin, Samuels said, 'The new features of Pastebin can make it difficult for cybersecurity companies to quickly find malware downloaded and executed in some environments.' comment. Security researcher Brian also argues that 'unless Pastebin takes thorough measures to prevent malware, PasteBin's new features will be very useful to malware developers as well.' I will.

ZDNet points out that one of the reasons why Pastebin's new features are not able to prevent malware is that cybersecurity companies and Pastebin are not working well together. It is unclear at the time of writing how security companies will take anti-malware measures against the new Pastebin features.