Banana Squad Hides Data-Stealing Malware in Fake GitHub Repositories

Banana Squad hid data-stealing malware in fake GitHub repos posing as Python tools, tricking users and targeting sensitive info like browser and wallet data.

ReversingLabs researchers recently uncovered a new and worrying attack method led by a group called Banana Squad. This group, first identified by Checkmarx researchers in October 2023, is known for their sneaky methods, with their name coming from an early harmful internet address, bananasquadru.

ReversingLabs team, including Principal Malware Researcher Robert Simmons, found over 60 fake project folders, called repositories, on GitHub. These folders looked like real computer hacking tools written in Python, but they were actually trojanized, meaning they contained hidden malicious code.

In their earlier attacks, starting in April 2023, Banana Squad put out hundreds of bad software packages under various usernames, researchers noted ...