Threat actor Banana Squad exploits GitHub repos in new campaign
released on 2025-06-20 @ 07:26:04 PM
ReversingLabs researchers have uncovered a new campaign by the threat actor Banana Squad, involving over 60 GitHub repositories containing hundreds of trojanized Python files. The attackers create fake user accounts to host malicious repositories that mimic legitimate ones, and hide the malicious code off-screen by padding lines with long runs of spaces. The campaign primarily uses the domain dieserbenni[.]ru, with a new domain, 1312services[.]ru, detected recently. The trojanized files employ various encoding and encryption methods to conceal malicious payloads. This campaign reflects a growing trend of sophisticated open-source software supply chain attacks targeting platforms like GitHub.
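
A defender can check Python files for the off-screen padding described above. The following detector is an added example, not code from ReversingLabs or the original page; the 80-column threshold and the names `find_offscreen_code`, `display_col` and `SAMPLE` are assumptions chosen for illustration.

```python
import io
import tokenize

MIN_GAP = 80  # assumed threshold, in display columns, for "pushed off-screen"

def display_col(line, index):
    """Column where line[index] is rendered, with tabs expanded to 8-column stops."""
    return len(line[:index].expandtabs(8))

def find_offscreen_code(source, min_gap=MIN_GAP):
    """Return (row, col, text) for code that follows a long same-line whitespace gap.

    Works on tokens, so padding inside string literals and plain deep
    indentation are not reported; far-right comments are skipped as non-executable.
    """
    lines = source.split("\n")
    findings, prev = [], None
    try:
        for tok in tokenize.generate_tokens(io.StringIO(source).readline):
            if (prev is not None and prev.end[0] == tok.start[0]
                    and tok.type != tokenize.COMMENT and tok.string.strip()):
                line = lines[tok.start[0] - 1]
                gap = display_col(line, tok.start[1]) - display_col(line, prev.end[1])
                if gap >= min_gap:
                    findings.append((tok.start[0], tok.start[1],
                                     line[tok.start[1]:].rstrip()))
            prev = tok
    except (tokenize.TokenError, SyntaxError):
        pass  # not valid Python past this point; keep findings gathered so far
    return findings

# Constructed sample: line 3 hides a harmless stand-in statement behind 300 spaces;
# line 4 has padding inside a string literal and must not be reported.
SAMPLE = (
    "import os\n"
    "def main():\n"
    "    print('hello')" + " " * 300 + ";print('hidden statement')\n"
    "    banner = 'a" + " " * 120 + "b'\n"
    "main()\n"
)

if __name__ == "__main__":
    for row, col, text in find_offscreen_code(SAMPLE):
        print(f"line {row}, col {col}: {text}")
```

A hit is a reason to review the file with line wrapping enabled, not proof of compromise.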