where threat actors used a tactic called typosquatting to execute the attack. What is typosquatting, and how did the threat actors use it in this case?
Typosquatting is a variant of cybersquatting where the typosquatter registers potential input errors for common URL searches in the hopes that an individual will incorrectly type their desired URL into the search bar. The typosquatter will then monitor how many clicks their typo receives and, if it has a high volume of traffic, they will sell that information. Typosquatting can bring in advertising revenue by selling ads to the original site's competition or via redirect pages from the typo.
NPM (node package manager) disclosed that malicious software was published through its code repository using typosquatting. NPM said the malicious software was detected because software using the malicious library reached out to a malicious website where additional functionality was available for download.
However, in the incident NPM disclosed, the attacker used typosquatting to post code that resembled legitimate software names under project names on the NPM registry. Since this is a general typosquatting attack, it could be found in other software development environments.
This general typosquatting attack can be detrimental to developers who want to find a software project in the NPM registry. The developer might have two or more similarly named projects to search or choose from and, if they choose incorrectly, malicious libraries could be included. This is an easy way to attack software developers because it is sometimes difficult to identify which library or software to use when you are just looking at the title of an application or tool.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ...continue reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common...continue reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.