Researchers at Cybereason have discovered an attack campaign which has been infecting users’ computers by secretly spreading malware via Bitbucket. The researchers claim an estimated 500,000 machines worldwide have already been affected.

A typical infection in this campaign starts with the installation of Predator the Thief and Azorult information stealers. However, users can subsequently end up installing Evasive Monero Miner, STOP ransomware and the IntelRapid cryptocurrency stealer, among others.

The researchers claim the attackers are able to hit victims from many angles due to the variety of malware types deployed in this attack. According to the report, the attackers behind the campaign created several Bitbucket user accounts to host secondary malware payloads. From there, these bad actors would regularly update them as frequently as once per hour.

The attackers used the Themida software protection system and multiple packing tools to conceal their activity. However, the Bitbucket team have been informed about the cybercriminal scheme and it’s timely eliminating the threat on its platform.

A spokesperson from Bitbucket’s operator, Atlassian, said Bitbucket is constantly working to ensure that users do not store illicit information on the online file storage platform or break their terms of service.