Malicious Copycat Repositories Emerge in Large Numbers on GitHub

 

Researchers at the National Cyber Security Agency have identified a sophisticated campaign in which malicious actors uploaded more than 67 deceptive repositories to GitHub, masquerading as legitimate Python-based security and hacking tools.
In reality, these repositories serve as a vehicle for injecting trojanized payloads into the system, compromising unsuspecting developers and security professionals.
According to a report by ReversingLabs, this operation appears to be an extension of an earlier attack wave, tracked under the codename Banana Squad and uncovered in 2023.
During the previous campaign, counterfeit Python packages were distributed through the Python Package Index (PyPI) and downloaded over 75,000 times; they included information-stealing capabilities that targeted Windows environments in particular.
With their focus now shifted to GitHub, the attackers are taking advantage of the platform’s reputation as a trusted source for open-source software to make their malicious code more likely to be adopted, thus expanding its reach.
As a result of this evolving threat, it is becoming increasingly obvious that the software supply chain is facing persistent threats, and ensuring that packages and repositories are authenticated before

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents