500,000+ computers compromised by malware hosted on Bitbucket
Bitbucket, the Atlassian Corp. Plc-owned git code hosting service, has been abused to compromise 500,000 computers globally, according to cybersecurity firm Cybereason Inc.
The hacking campaign involves using malware hosted on Bitbucket to deliver what Cybereason describes as “an arsenal of malware that is able to steal data, mine for cryptocurrency and deliver ransomware to victims all over the world.”
What makes the attack unusual, or perhaps suggests that more than one group is behind the abuse, is the wide variety of malware involved.
Malware types detected include Predator, a type of malware designed to steal information including cryptocurrency wallets; Azorult, another information stealer that also has backdoor capabilities; Evasive Monero Miner, a cryptocurrency mining script; STOP Ransomware, ironically named ransomware that encrypts files and demands a ransom; Vidar, another information stealer that can also take screenshots; Amadey bot, a Trojan that is used to collect reconnaissance information; and finally IntelRapid, a cryptocurrency stealer that steals different types of cryptocurrency wallets.
The good news, if that’s possible with more than 500,000 victims, is that Bitbucket disabled the malicious repositories within a few hours of being informed. That they existed on Bitbucket for a time without being detected remains a major concern, however.
“This research highlights an ongoing trend with cybercriminals where they abuse legitimate online storage platforms like Github, Dropbox, Google Drive and Bitbucket to distribute commodity malware,” Cybereason noted.
“We are constantly working to ensure that users do not store illegal information on Bitbucket or break our terms of service,” Atlassian said in a statement. “Atlassian Acceptable Use Policy does not allow content that ‘contains viruses, bots, worms, scripting exploits, or other similar materials.’”
The company added that “as soon as we were informed of malware hosted on Bitbucket and confirmed the accuracy of the report, we disabled all the affected repositories. To help protect our services, we are continuing to invest in improving the automated capabilities we use to prevent misuse and enforce our terms of service.”
Erich Kron, security awareness advocate at security awareness training firm KnowBe4 Inc., told SiliconANGLE that this is an example of people being tempted with a free ride, but ending up in a bad place.
“Using the promise of free software that is otherwise rather expensive, these attackers are using our human nature against us in order to drop some pretty nasty malware onto people’s computers,” Kron said. “This type of emotional manipulation is common in phishing attacks, such as the long-running Nigerian Prince scam, where something valuable is offered for nothing.”
People need to be reminded that downloading “cracked” software is likely to carry a significant cost of its own in the long run, he added. “Instead, if a person really needs the software, they can look at subscription models, possible employer participation in programs that can get employees free or reduced price software, or even educational versions,” he said. “These are all better options than cracked versions.”