21CTO
Jun 21, 2025 · Information Security
Malicious Python Packages Hijacking Open‑Source Repos: The Banana Squad Threat
Security researchers at ReversingLabs have uncovered a coordinated campaign by the “Banana Squad” that injects malicious Python toolkits into hundreds of seemingly legitimate open‑source GitHub repositories, using domain squatting, repository impersonation, and hidden code obfuscation to steal sensitive data and evade detection.
GitHub · ReversingLabs · malicious Python packages
