The free service Coverity Scan, used by thousands of developers to find and fix bugs in their open source projects, was suspended following recent attacks by hackers. According to security researchers, the attackers breached some of the Coverity Scan servers and abused them for cryptocurrency mining.
Coverity Scan was acquired in 2014 by Synopsys, which started informing users about the security breach on Friday. According to the company, the cybercriminals took control of the Coverity Scan systems last month.
“We suspect that the access was to utilize our computing power for cryptocurrency mining,” Synopsys said.
“We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.”
According to Synopsys, the free service is already back online, and the experts believe that the point of access leveraged by the hackers has now been closed. The only thing users need to do to regain access to Coverity Scan is reset their passwords.
“Please note that the servers in question were not connected to any other Synopsys computer networks. This should have no impact on customers of our commercial products, and this event did not put any Synopsys corporate data or intellectual property at risk,” Synopsys explained.
Lately, hackers have become highly interested in making a profit by hacking computers and servers and abusing them to mine cryptocurrencies.
Cryptocurrency mining malware can target a wide range of devices, including industrial systems. Among the most recent victims of the malware was the famous carmaker Tesla, whose Kubernetes pods were compromised and used for cryptocurrency mining.
The security breach was found by experts at RedLock, who claimed that the attackers gained access to Tesla’s Kubernetes console because password protection was missing.