Threat actor Banana Squad exploits GitHub repos in new campaign

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

ReversingLabs researchers have uncovered a new campaign by the threat actor Banana Squad, involving over 60 GitHub repositories containing hundreds of trojanized Python files. The attackers create fake user accounts to host malicious repositories that mimic legitimate ones, using a technique that hides malicious code off-screen behind long runs of spaces. The campaign primarily uses the domain dieserbenni[.]ru, with a new domain, 1312services[.]ru, detected recently. The trojanized files employ various encoding and encryption methods to conceal malicious payloads. This campaign demonstrates an increasing trend in sophisticated open-source software supply chain attacks targeting platforms like GitHub.
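
A defender-side check for the off-screen hiding technique described in the summary, as an added example that is not code from ReversingLabs or from this page: it flags lines in Python files where text follows a long run of spaces or tabs. The 100-character threshold, the function names and the sample input are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumed threshold: a whitespace run this long pushes whatever follows it
# past the visible width of most editors and web diff views.
MIN_GAP = 100

# Constructed sample: a harmless placeholder call sits 300 spaces to the right
# of a normal-looking statement on line 3.
SAMPLE = (
    "import os\n"
    "def main():\n"
    "    print('hello')" + " " * 300 + ";hidden_payload()\n"
    "    return 0\n"
)


def find_offscreen_code(source, min_gap=MIN_GAP):
    """Return (line_no, column, hidden_text) for text that follows a long whitespace run."""
    gap = re.compile(r"[ \t]{%d,}" % min_gap)
    hits = []
    for line_no, line in enumerate(source.split("\n"), start=1):
        for match in gap.finditer(line):
            hidden = line[match.end():].strip()
            if hidden:  # trailing whitespace alone is not a finding
                hits.append((line_no, match.end() + 1, hidden))
                break
    return hits


def scan_tree(root, min_gap=MIN_GAP):
    """Scan every .py file under root; return {path: hits} for files with findings."""
    findings = {}
    for path in sorted(Path(root).rglob("*.py")):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = find_offscreen_code(text, min_gap)
        if hits:
            findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for line_no, column, hidden in find_offscreen_code(SAMPLE):
        print(f"line {line_no}, column {column}: {hidden!r}")
```

Running `scan_tree` over a freshly cloned repository before installing or executing it surfaces these lines for manual review; a hit is a reason to inspect the file, not proof of compromise.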

OPENCTI LABELS:

open-source, python, github, software supply chain, code obfuscation, trojanized repositories

