Cybersecurity researchers have uncovered campaigns involving trojanized open source hacking tools targeting developers, red teams, and cybercriminals. These campaigns use malicious payloads hosted on GitHub to steal sensitive data and maintain remote access, illustrating a broader trend of supply chain compromise. #WaterCurse #BananaSquad
Key points
- Water Curse used at least 76 GitHub accounts to inject malicious payloads into build scripts and project files.
- The malware aimed to steal credentials, browser data, session tokens, and establish persistent remote access.
- ReversingLabs linked a separate campaign by Banana Squad involving over 67 repositories with trojanized hacking tools.
- The campaigns involved various scripting languages and compiled binaries, including C#, JavaScript, PowerShell, and VBS.
- Both campaigns reflect broader supply chain threats and ongoing malicious activities since early 2023.
Read More: https://www.securityweek.com/new-campaigns-distribute-malware-via-open-source-hacking-tools/