Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do I report malicious repository

Guillermo Bascuñana
Guillermo Bascuñana
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 16, 2025

It's part of the crypto developer scam where the alleged recruiter sends you a repository to install and evaluate. Then drain your wallets, there is obfuscated js either in the code or in a cookie fetch with eval() . It's been like the 5th time in this month so I recognize the scam quick, this is the first one in bitbucket and can't seem to find a way to report it.

Here it is: 

https://bitbucket.org/mordern/project_a/src/main/

 

thank you

Answer
Watch
Like # people like this
333 views

5 answers

1 accepted

1 vote
Answer accepted
Thales Santos
Thales Santos
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 16, 2025

Hello @Guillermo Bascuñana

Welcome to the Atlassian Community. Thanks for bringing this up, I am raising it internally with our Bitbucket support team.

I can't promise an SLA on this, but they will review it. If you receive an email or you see anything suspicious you can also report it to abuse@atlassian.com

Reply
0 votes
Shrinath Prabhu
Shrinath Prabhu
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 26, 2025

@Thales Santos There is this one as well https://bitbucket.org/alchemer1/tradingview1/src/main/ , same pattern. They ask you to run the code on your local machine and then funds are drained

View More Comments
Thales Santos
Thales Santos
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 26, 2025

Hi Shrinath, welcome to the community. I have reported this to the abuse team.

Like Andy Heinzer likes this
Thales Santos
Thales Santos
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 26, 2025

@Shrinath Prabhu The repository has been taken down.

For you and everyone else coming across this thread if this is seen in the future, you can report it directly to abuse@atlassian.com

Like
Reply
0 votes
Viktor Lazarov
Viktor Lazarov
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 9, 2025

Another malicious repository relating to a crypto scam from a potential client on UpWork.

https://bitbucket.org/chateaux/meme/src/main/

View More Comments
Thales Santos
Thales Santos
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 26, 2025

Thanks Viktor, it looks like the repository has already been deleted or moderated

Like
Reply
0 votes
Arya
Arya
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 31, 2025

Another similar repository here: https://bitbucket.org/financial-hub/staking-management/src/master/

This repository has been provided to me on Fiverr and is designed in similar fashion as the exploit here:

https://www.reddit.com/r/CryptoCurrency/comments/18sw38l/blockchain_devs_wallet_emptied_in_job_interview/

It's an old crypto dashboard template modified to scan for local crypto wallets and move the funds out.

I've ran it inside the VMWare, but could not identify how exactly this is being executed (Linux might not even be supported), but I assume it is somehow a part of the build / test chain, likely all the malicious logic is in https://bitbucket.org/financial-hub/staking-management/src/master/test.js

View More Comments
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 1, 2025

@Arya Thanks for reporting it to us.  The repo has been suspended.

Like
Reply
0 votes
Thales Santos
Thales Santos
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 16, 2025

@Guillermo Bascuñana would you be able to provide more information that this code can be a threat? Our team ran some checks and initially couldn't find anything, in order to do a takedown we would need more clear indication that this is indeed malicious.

Thanks

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events