Threat actor Banana Squad exploits GitHub repos in new campaign

Welcome to this week’s edition of Chainmail: Software Supply Chain Security News, which brings you the latest software security headlines, curated by the team at ReversingLabs (RL).

This week: RL threat research has discovered over 60 trojanized GitHub repositories containing hundreds of trojanized Python files. Also, cloud storage buckets are leaking secrets despite recent security improvements. 

This Week’s Top Story

Threat actor Banana Squad exploits GitHub repos in new campaign

RL Principal Malware Researcher Robert Simmons discovered 67 GitHub repositories hosting what at first glance appear to be hacking tools written in Python, but were actually trojanized look-alikes of other identically named repositories. The adversary behind this campaign, Banana Squad, was first spotted by researchers at Checkmarx in October 2023, who identified a series of malicious packages that accumulated close to 75,000 downloads.  

In this most recent campaign identified by RL, Simmons found that all of the trojanized repositories used the same names as legitimate, benign repositories already listed on GitHub. Each of the trojanized repositories contains trojanized Python files that rely on a simple subterfuge: very long lines of code that do not wrap to a new line, so the threat actor can push any malicious content off the right edge of the user’s screen – making it harder to detect visually.

This tactic of subterfuge was used in Banana Squad’s prior campaigns, and the payload URL structure as well as the trojanized Python files discovered also match those that have been used by the adversary. (RL Blog)
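The off-screen trick described above can be caught mechanically before a file is ever opened in an editor. The script below is an added example written for this summary; it is not RL's tooling and contains no code from the campaign. The thresholds (`MAX_LINE`, `PAD_RUN`), the function names and the sample source text are constructed assumptions.

```python
"""Flag Python source lines that push code past the visible screen edge.

Added example (not RL's tooling): heuristics for the long-line subterfuge
described in the story above. Thresholds and sample input are constructed.
"""
import re
import sys
from typing import Dict, List, Tuple

MAX_LINE = 200   # assumed: lines longer than this warrant a manual look
PAD_RUN = 40     # assumed: this many spaces/tabs between two code tokens is padding


def find_hidden_lines(source: str, max_line: int = MAX_LINE,
                      pad_run: int = PAD_RUN) -> List[Tuple[int, str, int]]:
    """Return (line_number, reason, line_length) for each suspicious line.

    Two checks, most specific first:
      1. "whitespace-padded code": a non-space character, then at least
         pad_run spaces or tabs, then more non-space text on the same line.
         This is the shape that hides a trailing statement off-screen.
      2. "over-long line": any remaining line longer than max_line.
    """
    pad_re = re.compile(r"\S[ \t]{%d,}\S" % pad_run)
    hits: List[Tuple[int, str, int]] = []
    for number, line in enumerate(source.splitlines(), start=1):
        if pad_re.search(line):
            hits.append((number, "whitespace-padded code", len(line)))
        elif len(line) > max_line:
            hits.append((number, "over-long line", len(line)))
    return hits


def scan_files(paths: List[str]) -> Dict[str, List[Tuple[int, str, int]]]:
    """Map each path to its suspicious lines; unreadable files are skipped."""
    results: Dict[str, List[Tuple[int, str, int]]] = {}
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                results[path] = find_hidden_lines(fh.read())
        except OSError as exc:
            print(f"skip {path}: {exc}", file=sys.stderr)
    return results


# Constructed sample: line 3 hides a statement behind 300 spaces, line 5 is
# simply very long (a base64-like blob), the rest is ordinary code.
SAMPLE_SOURCE = (
    "import os\n"
    + "def run():\n"
    + "    print('hello')" + " " * 300 + "; HIDDEN = 1  # off-screen in an editor\n"
    + "    return 0\n"
    + "BLOB = '" + "A" * 250 + "'\n"
)

if __name__ == "__main__":
    targets = sys.argv[1:]
    if targets:
        for path, hits in scan_files(targets).items():
            for number, reason, length in hits:
                print(f"{path}:{number}: {reason} ({length} chars)")
    else:
        for number, reason, length in find_hidden_lines(SAMPLE_SOURCE):
            print(f"sample:{number}: {reason} ({length} chars)")
```

Run it with file paths as arguments, or with none to scan the embedded sample. Legitimate long data lines (embedded base64, minified assets) also trip the second check, so treat the output as a review queue rather than a verdict; the whitespace-padding check is the more specific signal for the pattern described in the story.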

This Week’s Headlines

Cloud storage buckets leaking secret data despite security improvements

A new Tenable report has revealed that nearly one in 10 publicly accessible cloud-storage buckets contained sensitive data, with virtually all of that data considered confidential or restricted. Despite this uptick, more than eight in 10 organizations using AWS have enabled an important identity-checking service, according to the report. Tenable also found that the number of organizations with “publicly exposed, critically vulnerable and highly privileged” cloud instances has declined from 38% to 29% between 2024 and 2025. (Cybersecurity Dive)

OSS platforms and AI tools exploited in malware surge

SafeDep and Veracode researchers have discovered a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The new research coincides with findings from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats on npm that are targeting cryptocurrency and blockchain ecosystems. New research from Trend Micro also suggests that npm has become a vehicle for slopsquatting, in which Large Language Models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize. (The Hacker News)

Multi-stage malware attack on PyPI discovered

Researchers at JFrog have recently discovered that PyPI has a malicious package in its repository, chimera-sandbox-extensions, that deploys an info-stealer that targets credentials, crypto wallets, and browser data, while also establishing persistence on infected systems. In response, PyPI temporarily stopped new project creation in order to contain the threat. (Security Magazine)

Water Curse employs 76 GitHub accounts to deliver multi-stage malware campaign

Trend Micro researchers have uncovered a “multi-stage malware campaign” attributed to a threat actor known as Water Curse that uses weaponized GitHub repositories across 76 accounts to deliver malicious payloads disguised as penetration testing tools like SMTP email bomber and Sakura-RAT. The campaign employs obfuscated scripts, anti-debugging and privilege escalation while leveraging legitimate platforms like GitHub and OneDrive to evade detection. (The Hacker News)

Learn how RL Spectra Assure provides early and actionable feedback on software supply chain risks like malware, tampering, and exposed secrets — without slowing down development.

The Best of RL

Webinar | Closing the Gaps in SCA-Based SBOMs

Thursday, June 26 at 12pm ET

New RL research reveals that SBOMs generated solely from manifests—common with SCA tools—miss nearly half of the actual components in deployed software. Learn why and how to make a better SBOM in this session. (Save your seat)

Blog | How to Deliver Speed to Service for TPRM

Learn how Spectra Assure accelerates third-party software approvals by automating security analysis, SBOM generation and compliance workflows. (Read it here)

ConversingLabs | The Threat of Package Hallucinations

In this episode of ConversingLabs, host Paul F. Roberts interviews Major Joe Spracklen, a PhD student at the University of Texas at San Antonio, who recently published a paper with his peers about the threat posed by code-generating LLMs. (Watch It Here)

For more insights on software supply chain security, see the RL Blog

Igor Poljak

Customer Project Manager at Ericsson

1mo

Interesting

Mauricio Ortiz, CISA

Great dad | Inspired Risk Management and Security | Cybersecurity | AI Governance & Security | Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer

1mo

ReversingLabs insightful news and content
