Hackers Using Bitbucket Code Hosting Platform To Host Malicious Payloads
Cybersecurity researchers have uncovered a sophisticated malware campaign exploiting Bitbucket, a popular code hosting platform, to deliver dangerous payloads to unsuspecting victims.
The attackers are leveraging Bitbucket's legitimate reputation to host and distribute various types of malware, including remote access trojans (RATs) and information stealers.
Security firm G DATA recently discovered a multi-stage attack that uses Bitbucket repositories to host malicious files, including the notorious AsyncRAT trojan.
The attack starts with phishing emails containing obfuscated VBScript attachments. When executed, these scripts set off a chain of events that ultimately leads to the download and execution of AsyncRAT from a Bitbucket repository.
The G DATA researchers noted that attackers have turned to Bitbucket, a popular code hosting platform, to host their malicious payloads.
This approach provides legitimacy and accessibility for distributing the malware, making it less likely to raise suspicion among security solutions.
Variety Of Malware Hosted On Bitbucket
AsyncRAT is not the only threat being distributed via Bitbucket. Researchers have identified several other malware families abusing the platform, including:
- Predator stealer
- Azorult data stealer
- STOP ransomware
- Cryptocurrency miners
A separate investigation by Cybereason in 2020 found over 500,000 systems infected via a Bitbucket-hosted malware campaign delivering multiple payloads.
The attackers employ various evasion techniques to avoid detection:
- Multiple layers of Base64 encoding to obfuscate malicious code
- Anti-virtualization checks to evade evaluation in sandboxed environments
- Use of legitimate Windows processes for payload execution
- Frequent updates to malware hosted on Bitbucket repositories
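A defender-side triage sketch for the first evasion technique in the list above, added here as an illustration and not taken from G DATA's analysis: it peels nested Base64 layers from a script attachment and reports any Bitbucket-hosted URL together with the number of layers that hid it. The sample input, the placeholder URL, and all function names are constructed assumptions.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")  # candidate Base64 runs
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)
MAX_DEPTH = 8  # assumption: cap on nesting depth to bound work on hostile input

def try_b64(token):
    """Decode token if it is strict Base64 that yields printable text, else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):  # bad alphabet, padding, or not UTF-8
        return None
    ok = text and all(c.isprintable() or c in "\r\n\t" for c in text)
    return text if ok else None

def peel(text, depth=0):
    """Yield (layers, url) for every URL in text or inside nested Base64 layers."""
    for m in URL.finditer(text):
        yield depth, m.group(0)
    if depth >= MAX_DEPTH:
        return
    for m in B64_TOKEN.finditer(text):
        inner = try_b64(m.group(0))
        if inner is not None:
            yield from peel(inner, depth + 1)

def triage(script, watched_hosts=("bitbucket.org",)):
    """Report URLs on watched hosts and how many Base64 layers hid each one."""
    findings = []
    for layers, url in peel(script):
        host = (urlparse(url).hostname or "").lower()
        # Exact host or true subdomain only, so lookalike hosts do not match.
        if any(host == h or host.endswith("." + h) for h in watched_hosts):
            findings.append({"layers": layers, "url": url})
    return findings

def wrap(text, layers):
    # Helper that builds the constructed test input below.
    for _ in range(layers):
        text = base64.b64encode(text.encode()).decode()
    return text

# Constructed sample, not taken from the campaign: placeholder URL, three layers.
SAMPLE_URL = "https://bitbucket.org/EXAMPLE_WORKSPACE/EXAMPLE_REPO/downloads/sample.txt"
SAMPLE = 'x = "%s"\nnote = "see https://example.com/readme"\n' % wrap(
    'fetch "%s"' % SAMPLE_URL, 3)
```

Calling `triage(SAMPLE)` returns one finding with `layers` set to 3; a URL that sits deeper than `MAX_DEPTH` is not reported.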
This abuse of Bitbucket highlights the ongoing challenge faced by code hosting platforms in preventing malicious actors from exploiting their services.
While Bitbucket has measures in place to detect and remove malicious content, the frequency of updates and obfuscation techniques used by attackers make this a constant cat-and-mouse game.
Users and organizations should exercise caution when downloading files or scripts from public repositories, even on trusted platforms like Bitbucket.
Implementing robust email filtering, keeping software updated, and using reputable security solutions can help mitigate the risks posed by these types of attacks.
The use of legitimate services like Bitbucket for malware distribution is part of a broader trend in the cybercrime ecosystem.
Attackers continually seek new ways to bypass security measures and deliver their payloads more effectively. This campaign demonstrates that even well-established platforms can be weaponized by determined threat actors.
Continued vigilance and collaboration between security researchers, platform providers, and end-users remain crucial in combating these evolving threats.