Cybersecurity researchers recently discovered a new campaign where threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead. The campaign, codenamed Banana Squad, is a continuation of a rogue Python campaign from 2023 that targeted the Python Package Index (PyPI) repository with bogus packages that were downloaded over 75,000 times and came with information-stealing capabilities on Windows systems.