A BitBucket Full of Malware: A New and Threatening Malware Host

Unfortunately, it is not uncommon for a legitimate web-based file host, like Google Drive, GitHub or Dropbox, to become a vector for cyber disease. In fact, all three of these popular services have had malware hosted on them relatively recently. Fortunately, it usually doesn’t take much time or effort to identify the users spreading the malware, delete the offending files and restore security — until now.

BitBucket is a file hosting site like those mentioned above. Though it is marketed to businesses for use on development projects, it is also a valuable tool for home software developers who need somewhere to store their ongoing work in Git. Like the other file hosts, BitBucket has recently become a source for an international tidal wave of malware, but unlike the others, BitBucket seems to be drowning and unable to find a lifeline — meaning the web is beginning to suffer from a veritable flood of malware, and you could be the next victim.

Why Is BitBucket Different?

In truth, BitBucket isn’t remarkably different from GitHub or Google Drive: it is an online repository for source code and development projects, managed with Git or Mercurial version control. Home users can take advantage of free accounts with limited storage capacity, and professional users can invest in a commercial plan that offers more space and features. BitBucket has been around for about 12 years and serves tens of thousands of users.

What makes BitBucket’s malware event so unusual is not necessarily the hosting site itself but the method of attack. In past attacks on sites like Dropbox, attackers tended to distribute one variety of malware through one or two user accounts. With BitBucket, attackers are not only deploying a wide array of malware types, including cryptojackers, ransomware, Trojans and more, but also keeping their criminal operations running by refreshing an array of infected user profiles regularly, even hourly.

At the last count, more than 500,000 machines have been compromised thanks to this massive BitBucket attack, and cybersecurity experts have yet to put a dent in the infection rate. Many attacked users have never even heard of BitBucket, let alone signed up for its services, so it is imperative that everyone with a device (including you) learn a bit more about the malware pouring onto the web thanks to BitBucket’s breach.

What Kinds of Malware Are You Facing?

As mentioned above, BitBucket isn’t being used to spread just one kind of malware. In an unprecedented move, attackers are misusing the service to distribute a menagerie of malicious programs, including:

  • Predator. This is a data-stealing malware, which steals system information and browser credentials, compromises web cams and replaces cryptocurrency wallet addresses. First discovered in 2018 on underground Russian forums, Predator has recently become fileless, making it more difficult for most antivirus programs to detect.
  • Azorult. This is another data-stealer tasked primarily with pilfering critical information about machines and users. What makes Azorult different is its remote desktop capability, which lets attackers see and control infected systems. Azorult first appeared in 2016, and it spreads primarily through the Fallout Exploit Kit, a much-beloved tool of black-hat hackers.
  • Evasive Monero Miner. This is a dropper, a kind of Trojan that stealthily deploys malware in a way that hides the unwanted program from detection. In this case the hidden payload clandestinely uses the victim’s device to mine cryptocurrency.
  • STOP. Though not as famous or disruptive as others, this ransomware demands between $300 and $600 from victims — which is often low enough to convince victims to pay up instead of seeking more beneficial alternatives. Plus, STOP is capable of downloading other malware payloads.
  • Vidar. This is spyware, which searches through an infected computer for potentially valuable information and tinkers with settings to make infiltration easier for other malware.

A veritable “Ocean’s 11” of malware, these attacks use a variety of methods to infiltrate machines, sniff out valuable information and exploit users’ devices and data.

How Do We Solve This Problem?

Unfortunately, avoiding BitBucket isn’t really a viable solution for most users. This is because attackers are merely hosting the malware on this repository site; from there, they send it out in links or attachments across the web. Thus, everyone needs to be aware of the risks of malware and take concerted steps to avoid it in every case.

The best first step is installing defenses on your devices, especially antivirus software, firewalls and encryption. These tools make it more difficult for malware to reach your machine, and they make your machine better at identifying suspicious programs and thwarting their activity.

Next, you need to learn how to avoid malware on the web. Generally, this means recognizing the signs of phishing messages, like broken grammar, typos, strange punctuation and the like. Avoid links and attachments from any unfamiliar email address, even if the message seems legitimate. Get in the habit of practicing cyber hygiene, and ensure that everyone in your household also knows how to stay safe online.
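The point above is that the payload is merely staged on a trusted file host and delivered through links, so a defender watching outbound traffic can still spot it. As an added illustration (not code from the article or from BitBucket), here is a small triage script that runs over constructed web-proxy log lines and flags executable or archive downloads from the file hosts the article names; the log format, the host list and the sample lines are all assumptions.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit
# Constructed sample proxy log lines (not from the article): time, client IP, method, URL, MIME type, bytes.
SAMPLE_LOG = """\
2020-02-10T09:12:01Z 10.0.0.15 GET https://bitbucket.org/acme-dev/tools/downloads/setup_tool.exe application/x-msdownload 734208
2020-02-10T09:12:44Z 10.0.0.15 GET https://bitbucket.org/acme-dev/tools/src/master/README.md text/plain 2048
2020-02-10T09:13:02Z 10.0.0.22 GET https://bitbucket.org/example-user/project/downloads/update.zip application/zip 1882112
2020-02-10T09:14:10Z 10.0.0.31 GET https://www.example.com/index.html text/html 5120
2020-02-10T09:15:55Z 10.0.0.22 GET https://bitbucket.org/example-user/project/downloads/invoice.pdf.exe application/octet-stream 512000
"""
# Legitimate file hosts the article says have been abused to stage payloads (assumed list).
ABUSED_FILE_HOSTS = {"bitbucket.org", "github.com", "drive.google.com", "dropbox.com"}
# File types that mean a runnable payload or an archive came down rather than source code.
RISKY_EXTENSIONS = {".exe", ".scr", ".msi", ".dll", ".js", ".vbs", ".zip", ".rar", ".7z"}
RISKY_MIME = {"application/x-msdownload", "application/octet-stream", "application/zip"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")

def parse_line(line):
    """Split one proxy log line into a dict; return None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, mime, size = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url, "mime": mime, "size": int(size)}

def classify(record):
    """Return the reasons a fetch looks like a staged payload; an empty list means nothing to flag."""
    parts = urlsplit(record["url"])
    host = (parts.hostname or "").lower()
    if host not in ABUSED_FILE_HOSTS:
        return []  # only downloads from the abused file hosts are in scope here
    suffixes = [s.lower() for s in PurePosixPath(parts.path).suffixes]
    reasons = []
    if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
        reasons.append(f"{suffixes[-1]} file fetched from file host {host}")
        if len(suffixes) > 1:  # e.g. invoice.pdf.exe: the visible ".pdf" disguises an executable
            reasons.append("double extension " + "".join(suffixes))
    if record["mime"] in RISKY_MIME:
        reasons.append(f"binary content type {record['mime']}")
    return reasons

def triage(log_text):
    # Parse every line and keep only the downloads that classify() flagged, with the reasons attached.
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and (reasons := classify(rec)):
            hits.append({**rec, "reasons": reasons})
    return hits
```

Source-file fetches from the same host (the README line) are left alone, so the rule keys on what was downloaded rather than blocking the repository site outright.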

BitBucket’s malware attack marks a shift in how hackers use and abuse web services. In 2020 and beyond, cyber attackers will be more organized and intense — which means users need to be more organized and more intense in their defenses.

Desirae Odjick