Malicious warez hosted on Bitbucket get more than 500,000 downloads

by
Dan Goodin
from Ars Technica - All content on (#4YZ4Y)
pirated-software.jpg

OLYMPUS DIGITAL CAMERA (credit: Ikhlasul Amal)

An ongoing attack has so far delivered a cocktail of malicious wares to more than 500,000 machines on the Internet by abusing Bitbucket, the source code management system operated by Atlassian, researchers reported on Wednesday.

The attack, carried out by multiple holders of malicious Bitbucket accounts, distributes an array of malware that carries out a wide range of nefarious actions. Siphoning email credentials and other sensitive data, installing ransomware, stealing cryptocurrency, and surreptitiously freeloading on electricity and computing resources to mine cryptocurrency are all included. Researchers at security firm Cybereason said the ongoing attack has already generated more than 500,000 downloads, an indication that the attack may be infecting a sizable number of users.

"This campaign deploys an arsenal of malware for a multi-pronged assault on businesses," Cybereason researchers Lior Rochberger and Assaf Dahan wrote in a report. "It is able to steal sensitive browser data, cookies, email client data, system information, and two-factor authentication software data, along with cryptocurrency from digital wallets. It is also able to take pictures using the camera, take screenshots, mine Monero, and in certain cases also deploy ransomware."

Read 7 remaining paragraphs | Comments

index?i=lyIfUSH8o5c:gI2EOK3etp0:V_sGLiPB index?i=lyIfUSH8o5c:gI2EOK3etp0:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments