Security News > 2020 > February > New Campaign Leverages BitBucket to Deliver Arsenal of Malware
Cybereason's Nocturnus researchers have discovered an ongoing campaign that takes this approach to the next level - multiple malwares stored on BitBucket and downloaded as a form of layered malware able to maximize each successful compromise.
Part of the success is down to the lengths the attackers go to ensure the malware isn't discovered and removed from BitBucket.
The stored malware is frequently updated, sometimes every hour, with new versions created using Themida as a packer to avoid detection by anti-malware products and thwart analysis attempts.
The full range of malware that is delivered in this campaign includes Predator, Azorult, Evasive Monero Miner, STOP ransomware, Vidar, Amadey bot, and IntelRapid.
The campaign is typical of attackers increasingly making use of legitimate services - in this case BitBucket - in their attacks.