Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do I report malicious repository

Guillermo Bascuñana
Guillermo Bascuñana
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 16, 2025

It's part of the crypto developer scam where the alleged recruiter sends you a repository to install and evaluate. Then drain your wallets, there is obfuscated js either in the code or in a cookie fetch with eval() . It's been like the 5th time in this month so I recognize the scam quick, this is the first one in bitbucket and can't seem to find a way to report it.

Here it is: 

https://bitbucket.org/mordern/project_a/src/main/

 

thank you

Answer
Watch
Like # people like this
196 views

4 answers

0 votes
Viktor Lazarov
Viktor Lazarov
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 9, 2025

Another malicious repository relating to a crypto scam from a potential client on UpWork.

https://bitbucket.org/chateaux/meme/src/main/

Reply
0 votes
Arya
Arya
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 31, 2025

Another similar repository here: https://bitbucket.org/financial-hub/staking-management/src/master/

This repository has been provided to me on Fiverr and is designed in similar fashion as the exploit here:

https://www.reddit.com/r/CryptoCurrency/comments/18sw38l/blockchain_devs_wallet_emptied_in_job_interview/

It's an old crypto dashboard template modified to scan for local crypto wallets and move the funds out.

I've ran it inside the VMWare, but could not identify how exactly this is being executed (Linux might not even be supported), but I assume it is somehow a part of the build / test chain, likely all the malicious logic is in https://bitbucket.org/financial-hub/staking-management/src/master/test.js

View More Comments
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 1, 2025

@Arya Thanks for reporting it to us.  The repo has been suspended.

Like
Reply
0 votes
Thales Santos
Thales Santos
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 16, 2025

@Guillermo Bascuñana would you be able to provide more information that this code can be a threat? Our team ran some checks and initially couldn't find anything, in order to do a takedown we would need more clear indication that this is indeed malicious.

Thanks

Reply
0 votes
Thales Santos
Thales Santos
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 16, 2025

Hello @Guillermo Bascuñana

Welcome to the Atlassian Community. Thanks for bringing this up, I am raising it internally with our Bitbucket support team.

I can't promise an SLA on this, but they will review it. If you receive an email or you see anything suspicious you can also report it to abuse@atlassian.com

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events