A threat group dubbed “Banana Squad,” active since April 2023, has trojanized more than 60 GitHub repositories in an ongoing campaign, offering Python-based hacking kits with malicious payloads.