where threat actors used a tactic called typosquatting to execute the attack. What is typosquatting, and how did the threat actors use it in this case?
Typosquatting is a variant of cybersquatting where the typosquatter registers potential input errors for common URL searches in the hopes that an individual will incorrectly type their desired URL into the search bar. The typosquatter will then monitor how many clicks their typo receives and, if it has a high volume of traffic, they will sell that information. Typosquatting can bring in advertising revenue by selling ads to the original site's competition or via redirect pages from the typo.
NPM (node package manager) disclosed that malicious software was published through its code repository using typosquatting. NPM said the malicious software was detected because software using the malicious library reached out to a malicious website where additional functionality was available for download.
However, in the incident NPM disclosed, the attacker used typosquatting to post code that resembled legitimate software names under project names on the NPM registry. Since this is a general typosquatting attack, it could be found in other software development environments.
This general typosquatting attack can be detrimental to developers who want to find a software project in the NPM registry. The developer might have two or more similarly named projects to search or choose from and, if they choose incorrectly, malicious libraries could be included. This is an easy way to attack software developers because it is sometimes difficult to identify which library or software to use when you are just looking at the title of an application or tool.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.