Threat actor Banana Squad exploits GitHub repos in new campaign

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Banana Squad, a threat actor first identified in 2023, has launched a new campaign targeting GitHub repositories. The group has created over 60 trojanized repositories masquerading as hacking tools written in Python. These malicious repositories contain hundreds of trojanized Python files that utilize encoding and encryption techniques to hide backdoor code. The campaign primarily uses the domain dieserbenni[.]ru, with a new domain 1312services[.]ru detected recently. The trojanized repositories exploit GitHub's UI feature where long lines of code don't wrap, allowing attackers to hide malicious code off-screen. This sophisticated technique makes visual detection challenging, highlighting the increasing stealth of supply chain attacks on open-source platforms.
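A review-time check for the off-screen hiding described above, as an added example that is not part of the original report. The thresholds and the "interior whitespace padding" heuristic are assumptions, and the sample input is constructed.

```python
import re
from dataclasses import dataclass

# Assumed thresholds (not from the report): tune for your code base.
MAX_VISIBLE_COLUMNS = 200   # columns a reviewer sees without horizontal scrolling
MIN_PADDING_RUN = 40        # interior whitespace run treated as deliberate padding

# Visible code, then a long run of whitespace, then more content on the same line.
_PADDING = re.compile(r"\S([ \t]{%d,})(\S.*)$" % MIN_PADDING_RUN)

# Constructed sample: a harmless statement pushed far to the right, plus one long literal.
SAMPLE = (
    "import os\n"
    "def banner():\n"
    "    print('tool v1.0')" + " " * 300 + ";print('hidden statement')\n"
    "    return 0\n"
    "DATA = '" + "A" * 250 + "'\n"
)


@dataclass
class Finding:
    line_no: int
    reason: str
    column: int   # 1-based column where the flagged content starts
    hidden: str   # truncated preview of that content


def scan_source(text: str) -> list[Finding]:
    """Flag lines whose content extends past what a non-wrapping viewer shows."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.expandtabs(4).rstrip()
        match = _PADDING.search(line)
        if match:  # leading indentation never matches: the run must follow visible code
            findings.append(Finding(line_no, "padded-off-screen",
                                    match.start(2) + 1, match.group(2)[:60]))
        elif len(line) > MAX_VISIBLE_COLUMNS:
            findings.append(Finding(line_no, "overlong-line",
                                    MAX_VISIBLE_COLUMNS + 1,
                                    line[MAX_VISIBLE_COLUMNS:][:60]))
    return findings


if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line_no}: {f.reason} at column {f.column}: {f.hidden!r}")
```

An "overlong-line" hit is only a prompt to read the full line in a wrapping viewer, since long literals are common in legitimate code.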

OPENCTI LABELS:

backdoor, python, github, supply chain attack, stealth techniques, open-source security, trojanized repositories

