Text storage service Pastebin last week announced the introduction of two new security features, but some industry professionals believe they will likely be abused by malicious actors.
The new features are Burn After Read, which causes pastes to be deleted after they are read, and Password Protected Pastes, which allows users to set a password for the data they post.
In response to Pastebin’s announcement of the new features on Twitter, several cybersecurity experts said threat actors will likely abuse them for command and control (C&C) and other purposes, while making it more difficult for defenders to analyze their attacks.
Malware abusing Pastebin is not unheard of. One example is the WatchBog cryptocurrency miner, which fetched configuration data and payloads from Pastebin.
The new features introduced by Pastebin have been described as a “win for threat actors,” “protections for malicious data,” “an extra layer of protection for threat actors” and “a headache for the good guys.”
Several people claim they may configure their enterprise security solutions to either completely block Pastebin traffic or at least send out an alert when such traffic is detected.
However, not everyone agrees that the new security features will be found useful by threat actors. Some users welcomed the features, while others have pointed out that Pastebin’s competitors have offered these features for some time and malicious actors could have abused those if they really would have found them useful.
SecurityWeek has reached out to Pastebin for comment, but the company has yet to respond.
Related: Mozilla Discontinues Firefox Feature Abused in Malware, Phishing Attacks
Related: Microsoft Says China-Linked Hackers Abused Azure in Attacks
Related: VLC Responds to Criticism Over Lack of HTTPS for Updates
Related: Zoom Rolls Out New Measures as Security Fears Mount

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
Latest News
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
