Fake Coding Assessments Are Being Used to Deliver Malware — Here's What You Should Know
We want to spread awareness of a scam targeting developers and other technical professionals. Scammers are posing as recruiters and asking candidates to complete what looks like a legitimate coding assessment or technical interview task — but the repositories they share contain malware designed to steal sensitive information (e.g., credentials, cryptocurrency wallets, and browser data) or hijack developer access.
Some of these malicious repositories have been hosted on Bitbucket, taking advantage of trusted developer workflows to make the activity look credible. Read below to learn more about what we're doing about it and how you can protect yourself.
Atlassian actively monitors for Bitbucket abuse and takes action against repositories and accounts associated with it. We use a combination of threat intelligence, abuse reporting, internal detections, repository analysis, and collaboration with industry partners to identify and disrupt malicious activity.
To date, we’ve deactivated over 1,000 repositories in response to hundreds of internal alerts and reports from our partners.
Do not run unfamiliar code on your primary machine. Use a disposable virtual machine, sandbox, or isolated environment.
Be suspicious of rushed requests. Pressure to run code quickly, troubleshoot live, or install dependencies during a call is a common red flag.
Report suspicious repositories or accounts hosted on Bitbucket by contacting Atlassian Support and selecting Abuse > Bitbucket.
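As an added example (not Atlassian's tooling and not code from this post), here is a read-only check to run before opening or installing an assessment repository, even inside a sandbox. It lists npm install-time scripts and VS Code tasks set to run on folder open; it assumes a Node.js project, which the post does not specify, and the sample repository in `demo()` is constructed.

```python
import json
import tempfile
from pathlib import Path

# Scripts npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

def load(path: Path):
    """Parse a JSON file; return None if it cannot be read as a JSON object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (ValueError, OSError):
        return None
    return data if isinstance(data, dict) else None

def audit_repo(repo: Path) -> list[str]:
    """List code that would run without an explicit command. Reads files only."""
    findings = []
    for manifest in sorted(repo.rglob("package.json")):
        name = manifest.relative_to(repo).as_posix()
        data = load(manifest)
        if data is None:
            findings.append(f"{name}: unparsable, review by hand")
            continue
        scripts = data.get("scripts") or {}
        findings += [f"{name}: {h} -> {scripts[h]}" for h in INSTALL_HOOKS if h in scripts]
    tasks_file = repo / ".vscode" / "tasks.json"
    if tasks_file.is_file():
        data = load(tasks_file)
        if data is None:  # tasks.json may carry comments (JSONC): flag, don't guess
            findings.append(".vscode/tasks.json: unparsable, review by hand")
        for task in (data or {}).get("tasks", []):
            if task.get("runOptions", {}).get("runOn") == "folderOpen":
                findings.append(f".vscode/tasks.json: runs on folder open -> {task.get('command')}")
    return findings

def demo() -> list[str]:
    """Audit a constructed sample repository (not taken from any real case)."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / "package.json").write_text(json.dumps(
            {"scripts": {"test": "jest", "postinstall": "node scripts/setup.js"}}))
        (repo / ".vscode").mkdir()
        (repo / ".vscode" / "tasks.json").write_text(json.dumps(
            {"tasks": [{"label": "env", "command": "node init.js",
                        "runOptions": {"runOn": "folderOpen"}}]}))
        return audit_repo(repo)

if __name__ == "__main__":
    print("\n".join(demo()))
```

An empty result only means these two auto-run paths are absent; the repository should still be run only in a disposable environment.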
Ramazan Uysal