Bitbucket, the Git code hosting service, has been abused by hackers. As a result, some 500,000 computers worldwide have been infected with malware. The incident was uncovered by cybersecurity firm Cybereason.
The hacking campaign involves the use of malware hosted on Bitbucket, which Cybereason describes as “an arsenal of malware capable of stealing data, providing a gold mine for cryptocurrency, and bringing ransomware to victims around the world.”
The malware detected includes Predator, which is designed to steal data, including cryptocurrency wallets; Azorult, another data stealer, which also has backdoor capabilities; Evasive Monero Miner, a cryptocurrency-mining script; STOP Ransomware, ransomware that classically encrypts files and demands ransom money; Vidar, another data stealer, which can also take unauthorized screenshots; Amadey bot, a Trojan used to collect exploratory data; and finally IntelRapid, a crypto stealer that can steal various types of cryptocurrency wallets.
Repositories removed in the meantime
The good news is that Bitbucket disabled the malicious repositories within a few hours of the discovery. However, the fact that they existed on Bitbucket for a while without being detected remains a concern, as this can happen more often. It becomes a real problem if such repositories are discovered relatively late.
“This research indicates an ongoing trend among cybercriminals to abuse legitimate online storage platforms such as GitHub, Dropbox, Google Drive and Bitbucket, to distribute malware,” Cybereason said about the incident.