Threat actor Banana Squad exploits GitHub repos in new campaign
released on 2025-06-19 @ 05:11:58 PM
Banana Squad, a threat actor first identified in 2023, has launched a new campaign targeting GitHub repositories. The group has created over 60 trojanized repositories masquerading as hacking tools written in Python. These repositories contain hundreds of trojanized Python files that use encoding and encryption to hide backdoor code. The campaign primarily uses the domain dieserbenni[.]ru, and a new domain, 1312services[.]ru, was detected recently. The trojanized repositories exploit the fact that GitHub's UI does not wrap long lines of code, which lets attackers place malicious code off-screen, to the right of what a reader sees without scrolling. This technique makes visual detection challenging and highlights the increasing stealth of supply chain attacks on open-source platforms.
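
A reviewer-side check for the off-screen technique described above, as an added example that is not part of the original report: it flags Python lines that run past a visible width or that carry a long interior whitespace run before more code. The thresholds, the function names and the assumption that the padding consists of spaces or tabs are illustrative and not taken from the campaign.

```python
import re
from pathlib import Path

# Thresholds are assumptions chosen for illustration; tune them per code base.
MAX_VISIBLE_COLS = 200  # columns a reviewer plausibly sees without scrolling
MIN_PAD_RUN = 40        # interior whitespace run treated as deliberate padding

# Visible text, then a long whitespace run, then more text on the same line.
PADDED = re.compile(r"\S[ \t]{%d,}(?=\S)" % MIN_PAD_RUN)


def scan_source(text, name="<memory>"):
    """Return findings for lines whose tail sits off-screen in a non-wrapping view."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        pad = PADDED.search(line)
        expanded = line.expandtabs(8)
        if pad:  # code pushed right by padding: show what follows the padding
            reason, hidden = "padded-tail", line[pad.end():]
            column = len(line[:pad.end()].expandtabs(8)) + 1
        elif len(expanded) > MAX_VISIBLE_COLS:  # long line without padding
            reason, hidden = "overlong", expanded[MAX_VISIBLE_COLS:]
            column = MAX_VISIBLE_COLS + 1
        else:
            continue
        findings.append({"file": name, "line": lineno, "reason": reason,
                         "column": column, "hidden_preview": hidden[:60]})
    return findings


def scan_tree(root):
    """Scan every .py file under root, e.g. a freshly cloned repository."""
    findings = []
    for path in sorted(Path(root).rglob("*.py")):
        findings += scan_source(path.read_text(errors="replace"), str(path))
    return findings


# Constructed sample: a harmless statement pushed far to the right of visible code.
SAMPLE = (
    "import sys\n"
    "def main():\n"
    "    print('scan complete')" + " " * 300 + "; hidden_marker = 1\n"
    "URL = '" + "a" * 250 + "'\n"
)

if __name__ == "__main__":
    for finding in scan_source(SAMPLE, "sample.py"):
        print(finding)
```

An "overlong" finding alone is common in legitimate code (embedded data, long URLs); a "padded-tail" finding is the one that warrants reading the hidden part of the line before running anything from the repository.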