As developers increasingly embrace off-the-shelf software components in their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages intended to compromise developers' computers or backdoor the software projects they work on.

In the latest research shared with The Hacker News, cybersecurity experts at ReversingLabs revealed over 700 malicious gems - packages written in the Ruby programming language - that supply chain attackers were caught recently distributing through the RubyGems repository.

The malicious campaign leveraged the typosquatting technique, where attackers upload intentionally misspelled versions of legitimate packages in the hope that unwitting developers will mistype the name and unintentionally install the malicious library instead.

ReversingLabs said the typosquatted packages in question were uploaded to RubyGems between February 16 and February 25, and that most of them were designed to secretly steal funds by redirecting cryptocurrency transactions to a wallet address under the attacker's control. In other words, this particular supply chain attack targeted Ruby developers with Windows systems who also happened to use those machines to make Bitcoin transactions.

After the findings were privately disclosed to RubyGems maintainers, the malicious gems and the associated attacker accounts were removed almost two days later, on February 27.

"Being closely integrated with the programming languages, the repositories make it easy to consume and manage third-party components," the cybersecurity firm said. "Consequently, including another project dependency has become as easy as clicking a button or running a simple command in the developer environment. But just clicking a button or running a simple command can sometimes be a dangerous thing, as threat actors also share an interest in this convenience by compromising developer accounts or their build environments, and by typosquatting package names," it added.

Typosquatting Ruby Gems to Steal Cryptocurrency

RubyGems is a popular package manager that makes it easy for developers to distribute, manage, and install Ruby programs and libraries. Typosquatting is a form of brandjacking attack that typically relies on users putting themselves in harm's way by mistyping a web address or a library name that impersonates popular packages in software registries.

Although no transactions were made to the attacker's wallet, all the malicious gems were traced to two account holders, "JimCarrey" and "PeterGibbons," with "atlas-client" registering 2,100 downloads, approximately 30% of the total downloads racked up by the legitimate "atlas_client" gem.

Typosquatting in Software Packages on the Rise

This is not the first time typosquatting attacks of this kind have been uncovered. Popular repository platforms such as the Python Package Index (PyPI) and the GitHub-owned Node.js package manager npm have emerged as effective attack vectors for distributing malware. Given the lack of scrutiny involved during package submission, review, and approval, it has been easy for malware authors to publish trojanized libraries with names very close to those of existing packages.

It's highly recommended that developers who unintentionally downloaded the libraries into their projects check whether they have used the correct package names and did not accidentally pull in the typosquatted versions.

We all know how easy it is to mistype a web address. Cybercriminals know this too and take advantage of it by using slightly different variations of well-known domain names to build websites. Known as typosquatting, this phenomenon is posing a growing problem for brand owners as well as consumers. Research is scarce but indicates that more than 20% of all .com domain registrations are typo domains, and their number is increasing. In this blog post, we guide you through how typosquatting works and how you can detect and prevent typosquatting to protect your customers and your business.
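The recommendation above, that developers check whether they pulled in the correct package names rather than a typosquatted lookalike, is easy to automate against a project's lockfile. The following Ruby script is an added example, not code from the article or from ReversingLabs: it parses the specs section of a Gemfile.lock and flags any gem whose name is not on a reviewed allowlist but is within one edit of an allowlisted name, or differs from it only by a hyphen/underscore swap, which is exactly the "atlas-client" versus "atlas_client" pattern described in the article. The sample lockfile, the KNOWN_GEMS allowlist and the helper names (normalize, osa_distance, lockfile_gem_names, find_lookalikes) are all constructed for this example; only "atlas_client" is a name taken from the article.

```ruby
# Added example: flag dependency names that nearly match a reviewed gem name.
# Not code from the article or from ReversingLabs; all names below are constructed
# except "atlas_client", which the article names as the legitimate gem.

# RubyGems treats "-" and "_" as different names, so a separator swap is enough to
# register a lookalike (atlas-client vs atlas_client). Compare separator-insensitively.
def normalize(name)
  name.downcase.tr('-', '_')
end

# Optimal string alignment (restricted Damerau-Levenshtein) distance: insertion,
# deletion, substitution and adjacent transposition each cost 1. This catches the
# dropped, doubled, swapped and mistyped characters that typosquats rely on.
def osa_distance(a, b)
  d = Array.new(a.length + 1) do |i|
    Array.new(b.length + 1) { |j| i.zero? ? j : (j.zero? ? i : 0) }
  end
  (1..a.length).each do |i|
    (1..b.length).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min # adjacent transposition
      end
    end
  end
  d[a.length][b.length]
end

# Collect every resolved gem from the "specs:" section of a Gemfile.lock.
# Direct entries are indented four spaces ("    atlas-client (0.2.1)"); six-space
# lines are the transitive requirements of the entry above them and are skipped.
def lockfile_gem_names(lock_text)
  names = []
  in_specs = false
  lock_text.each_line do |line|
    if line.strip == 'specs:'
      in_specs = true
      next
    end
    in_specs = false if line =~ /\A\S/ # PLATFORMS, DEPENDENCIES, ... end the section
    next unless in_specs
    names << $1 if line =~ /\A {4}(\S+)/
  end
  names.uniq
end

# Compare each locked gem against the allowlist of gems the team has reviewed.
# Returns [[suspicious_name, closest_known_name, reason], ...]; exact matches pass.
def find_lookalikes(gem_names, known_gems, max_distance = 1)
  known_by_norm = known_gems.group_by { |g| normalize(g) }
  gem_names.each_with_object([]) do |name, hits|
    next if known_gems.include?(name)
    if (same = known_by_norm[normalize(name)])
      hits << [name, same.first, 'differs only by - vs _']
    else
      best = known_gems.min_by { |k| osa_distance(normalize(name), normalize(k)) }
      dist = osa_distance(normalize(name), normalize(best))
      hits << [name, best, "edit distance #{dist}"] if dist <= max_distance
    end
  end
end

# Constructed sample lockfile: "atlas-client" and "rak" are the planted lookalikes.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      atlas-client (0.2.1)
      nokogiri (1.10.9)
        mini_portile2 (~> 2.4.0)
      mini_portile2 (2.4.0)
      rak (1.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    atlas-client
    nokogiri
LOCK

# Constructed allowlist standing in for the gems a team actually intends to depend on.
KNOWN_GEMS = %w[atlas_client nokogiri mini_portile2 rake].freeze

if __FILE__ == $PROGRAM_NAME
  find_lookalikes(lockfile_gem_names(SAMPLE_LOCK), KNOWN_GEMS).each do |name, known, why|
    puts "SUSPICIOUS: #{name} looks like #{known} (#{why})"
  end
end
```

Run against a real project by replacing SAMPLE_LOCK with File.read('Gemfile.lock'). The allowlist is the important input: a lookalike is only detectable relative to the names the team meant to depend on, so the list should come from a reviewed Gemfile rather than from the lockfile itself. A threshold of one edit keeps false positives manageable while still catching dropped characters, transpositions and separator swaps; anything flagged should be confirmed against the gem's page on rubygems.org before it is trusted.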