Tag: open-source security

2 Attack Reports | 0 Vulnerabilities

Attack reports

Threat actor Banana Squad exploits GitHub repos in new campaign

ReversingLabs researchers have uncovered a new campaign by the threat actor Banana Squad, involving over 60 GitHub repositories containing hundreds of trojanized Python files. The attackers create fake user accounts to host malicious repositories that mimic legitimate ones, using a technique that h…
backdoor
python
open-source
github
stealth techniques
supply chain attack
software supply chain
open-source security
code obfuscation
2025-06-19
2025-06-20
trojanized repositories
Published: June 20, 2025
Downloadable IOCs: 275

Differential analysis raises red flags over @lottiefiles/lottie-player

ReversingLabs researchers discovered malicious versions of the popular npm package @lottiefiles/lottie-player. Versions 2.0.5, 2.0.6, and 2.0.7 were compromised and used to spread malicious code designed to steal crypto wallet assets. The attackers altered the lottie-player.js file, replacing its c…
npm
cryptocurrency theft
supply chain attack
2024-11-22
package compromise
open-source security
differential analysis
Published: November 22, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports