FREE AIN’T FREE
Ongoing campaign installs credential stealers, RATs, ransomware, and cryptominers.
The attack, carried out by multiple holders of malicious Bitbucket accounts, distributes an array of malware that carries out a wide range of nefarious actions. These include siphoning email credentials and other sensitive data, installing ransomware, stealing cryptocurrency, and surreptitiously freeloading on electricity and computing resources to mine cryptocurrency. Researchers at security firm Cybereason said the ongoing attack has already generated more than 728, 02 downloads, an indication that the attack may be infecting a sizable number of users.
“This campaign deploys an arsenal of malware for a multi-pronged assault on businesses,” Cybereason researchers Lior Rochberger and Assaf Dahan wrote in a report. “It is able to steal sensitive browser data, cookies, email client data, system information, and two-factor authentication software data, along with cryptocurrency from digital wallets. It is also able to take pictures using the camera, take screenshots, mine Monero, and in certain cases also deploy ransomware.”
To lure targets into downloading the malware, attackers use multiple Bitbucket user accounts that are updated regularly. The accounts offer versions of Adobe Photoshop and other commercial software that has had its copy protections removed so people can install it without paying a licensing fee. The installation files are bundled with code that surreptitiously installs malware. Like the fraudulent accounts, the malicious offerings, available on Bitbucket, are updated regularly — as often as every few hours — likely in an attempt to avoid detection by antivirus products. The cocktail of malware includes: