Malware, Threat Intelligence
Novel Banana Squad campaign taps GitHub repos for malware distribution

Hacking operation Banana Squad has harnessed 67 now-removed GitHub repositories containing trojanized hacking tools to compromise developers with malware as part of a new attack campaign, Infosecurity Magazine reports.
All GitHub accounts leveraged by the attackers were found to host a single repository each, with the repositories originating from the 1312services[.]ru and dieserbenni[.]ru domains, according to a ReversingLabs analysis. Banana Squad was also observed using Base64 and Hex encoding alongside Fernet encryption to conceal malicious payloads within the repositories. With the threat signaling increasingly clandestine tactics against GitHub, developers have been advised to verify repositories, avoid mostly inactive single-repository GitHub accounts, use source-code differential analysis tools, and monitor suspicious domain activity. The development comes almost two years after Banana Squad was first reported to have uploaded malicious packages to PyPI, which had been installed on almost 75,000 Windows systems before being taken down.
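The concealment pattern described above (Base64, Fernet and Hex layers feeding an execution sink) can be triaged statically before a cloned tool is run. The following is an added example written for this article, not ReversingLabs' or anyone else's tooling: it parses a Python file's AST and reports exec()/eval() calls whose argument is built from a chain of decode/decrypt calls, with the number of layers. The set of decode names and the sample files (including the placeholder Fernet key) are the example's own assumptions.

```python
import ast
import base64

# Decode/decrypt calls that the campaign layers (Base64, Fernet, Hex) and the
# execution sinks a concealed payload is ultimately handed to. Assumed set.
DECODE_CALLS = {"b64decode", "urlsafe_b64decode", "decrypt", "fromhex", "unhexlify"}
EXEC_SINKS = {"exec", "eval"}

def _call_name(func):
    # Last component of a call target: base64.b64decode -> "b64decode"
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return ""

def _decode_layers(node):
    # Count decode/decrypt calls nested anywhere beneath this node.
    return sum(1 for n in ast.walk(node)
               if isinstance(n, ast.Call) and _call_name(n.func) in DECODE_CALLS)

def scan_source(source):
    """Flag exec()/eval() calls whose argument is built from a chain of
    Base64/Fernet/Hex decoding, reporting the line and the number of layers."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _call_name(node.func) in EXEC_SINKS:
            layers = _decode_layers(node)
            if layers:
                findings.append({"line": node.lineno,
                                 "sink": _call_name(node.func), "layers": layers})
    return findings

# Constructed samples (not real repository code). The "suspicious" one wraps a
# harmless print() in Hex inside Base64 and feeds it straight to exec().
_INNER = base64.b64encode(b"print('constructed benign sample')".hex().encode()).decode()
SUSPICIOUS_SAMPLE = (
    "import base64\n"
    "def helper():\n"
    f"    exec(bytes.fromhex(base64.b64decode('{_INNER}').decode()))\n"
)
# Fernet variant; the key is a placeholder and the file is only parsed, never run.
FERNET_SAMPLE = (
    "from cryptography.fernet import Fernet\n"
    "k = b'PLACEHOLDER_KEY'\n"
    "exec(Fernet(k).decrypt(bytes.fromhex('00')))\n"
)
CLEAN_SAMPLE = "import base64\nprint(base64.b64decode('aGk=').decode())\n"
```

Run scan_source() over every .py file of a freshly cloned repository; a hit with two or more layers is a strong reason to diff the file against the upstream project it claims to be before executing anything.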