Pastebin’s Burn After Read feature helps malware creators

Pastebin rolled out two new features last week: Burn After Read and Password Protected Pastes. The announcement is now facing criticism from security experts. They believe that Pastebin plays into the hands of malware makers with the functions.

With Burn After Read, Pastebin users can set a pasted text to disappear after reading. Password Protected Pastes can put texts behind a password. On the announcement by the service was praised on Twitter for its usability, but also the necessary criticism from security experts, among others.

They argue that malware creators and spreaders benefit from the features. Ted Samuels, a incident response consultant, tells ZDnet that Pastebin is used, for example, for attacks via PowerShell. The malware payload fetches additional instructions from pasted texts on Pastebin, which PowerShell then executes. The CobaltStrike malware framework, among others, makes use of this.

Samuels and some colleagues fear that the new features will make it more difficult to act against the abuse of Pastebin by criminals. For example, the functions can frustrate the operation of tools that monitor Pastebin for the presence of suspicious uploads.

Services that compete with Pastebin, such as Privatebin, have long had functionality such as password protection and delete-proofread. Pastebin is by far the market leader in internet services for copying and pasting texts, although its popularity seems to be declining when looking at the Alexa Rank.