Malicious repository

TheKeiron
I'm New Here
May 1, 2025

I'd like to report a malicious repository. I got a LinkedIn message from someone posing as a recruiter who sent me a link to a Bitbucket repository for a demo of "Crypto Oasis Socifi MVP-v1" (https://bitbucket.org/oasiscrypto-workspace/socifi-mvp-v1/src/).

The repository contains malware at the following file:
https://bitbucket.org/oasiscrypto-workspace/socifi-mvp-v1/src/main/server/routes/api/auth.js

[screenshot: malware 1.png]

which upon first glance looks fairly harmless, but notice the scrollbar at the bottom: there's actually more code on line 18 which you have to scroll to the right to see:
[screenshot: malware 2.png]

It's an obfuscated, hidden malicious function designed to steal your private keys. I've seen many users report the same scam, and right now the solution has just been to close the repository, but it's zero effort to just re-upload the same repository again as a different user under a different name. They only need one poor soul to fall for it, and because it is such low effort to upload a malicious repository they'll keep doing it until someone falls for it. There needs to be an easier way to report these scams on here at least, or at most perhaps integration of tools to help users scan repositories for malicious/suspicious code.

Answer accepted
Mikael Sandberg
Community Champion
May 1, 2025

Hi @TheKeiron,

Welcome to Atlassian Community!

Please report this to abuse@atlassian.com and they will take action on this.

TheKeiron
I'm New Here
May 2, 2025

Thanks for getting back to me. I've sent the info to that email; however, it is imperative that there is a faster method of reporting these malicious repositories, as someone less savvy will fall for the scam. Perhaps even a "suspicious" flagging system can help, and I'm sure in this day and age AI can be leveraged to help in scanning repositories.

DEPLOYMENT TYPE
CLOUD