where threat actors used a tactic called typosquatting to execute the attack. What is typosquatting, and how did the threat actors use it in this case?
Typosquatting is a variant of cybersquatting where the typosquatter registers potential input errors for common URL searches in the hopes that an individual will incorrectly type their desired URL into the search bar. The typosquatter will then monitor how many clicks their typo receives and, if it has a high volume of traffic, they will sell that information. Typosquatting can bring in advertising revenue by selling ads to the original site's competition or via redirect pages from the typo.
NPM (node package manager) disclosed that malicious software was published through its code repository using typosquatting. NPM said the malicious software was detected because software using the malicious library reached out to a malicious website where additional functionality was available for download.
However, in the incident NPM disclosed, the attacker used typosquatting to post code that resembled legitimate software names under project names on the NPM registry. Since this is a general typosquatting attack, it could be found in other software development environments.
This general typosquatting attack can be detrimental to developers who want to find a software project in the NPM registry. The developer might have two or more similarly named projects to search or choose from and, if they choose incorrectly, malicious libraries could be included. This is an easy way to attack software developers because it is sometimes difficult to identify which library or software to use when you are just looking at the title of an application or tool.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
Zscaler recently discovered a malvertising campaign that spreads the Terror exploit kit through malicious ads. Discover more about the threat with ... Continue Reading
Cybersecurity vendor Wordfence reported a rise in scans for SSH private keys that are often accidentally exposed to the public. Learn how to stay ... Continue Reading
The SANS Internet Storm Center discovered a DDE attack spreading Locky ransomware through Microsoft Word. Learn what a DDE attack is and how to ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.