All news with #typosquatting dependency tag

🔍 Sonatype's analysis of 4,309 malicious open source packages shows attackers favor naming-variant tactics over simple misspellings. 91% used suffixes, prefixes, embedded terms and dependency-confusion patterns to appear as plausible plugins, configs or SDKs. These packages often perform host and secrets exfiltration, droppers and backdoors, converting routine installs into compromise. Security teams are urged to scrutinize framework-adjacent components and assess publisher and campaign behavior, as typo detection alone is insufficient.

⚠ A malicious NuGet package, StripeApi.Net, was uploaded on February 16, 2026 and impersonated Stripe.net by reusing the official icon, a near-identical README and inflated download counts across hundreds of versions. The package implemented legitimate payment functions but altered key methods to capture and exfiltrate Stripe API tokens while leaving payment processing appearing to work normally. ReversingLabs discovered and reported the package and it was removed from NuGet before wide impact.

⚠️ ReversingLabs uncovered a malicious NuGet package named StripeApi.Net that impersonated the widely used Stripe.net .NET library for Stripe payments. The typosquatting listing duplicated icons, documentation and tags and used the publisher name 'StripePayments' while retaining a default avatar to appear credible. The fake package accrued an apparently inflated 180,000-plus downloads by spreading roughly 300 downloads across 506 versions. Subtle code changes captured Stripe API keys and a machine identifier and exfiltrated them to an attacker-controlled Supabase database; NuGet removed the package quickly after it was reported and investigators found only a test entry.

🐛 Socket researchers disclosed an active npm supply-chain campaign dubbed SANDWORM_MODE that leverages typosquatted packages to infiltrate developer machines, CI pipelines, and AI coding assistants. The malicious packages (at least 19 observed) harvest npm and GitHub tokens, environment secrets, and cloud keys, then use stolen credentials to modify repositories and amplify via weaponized GitHub Actions. The campaign also injects a malicious MCP server into AI tool configs to enable prompt-injection exfiltration, includes a dormant polymorphic engine, and implements a configurable 'dead switch' that can wipe home directories.

🔐 Developers and the tools they rely on are increasingly targeted as attackers move beyond exploiting application bugs to compromising developer workflows and ecosystems. Threats include typosquatting, malicious open-source packages, compromised plugins, supply-chain hijacks and fake employees who gain insider access. AI increases the scale and plausibility of social engineering, code changes and malicious package recommendations. Security leaders should combine identity hygiene, least-privilege, secrets management, whitelists and continuous hands-on developer training to reduce risk.

🐛 The article warns that modern software supply chains are increasingly vulnerable, highlighting incidents like Shai-Hulud, React2Shell, and XZ Utils as examples of threats that evolved from passive typosquatting to active, worm-like propagation. Once onboard, these worms harvest developer credentials to push infected packages and can trigger destructive dead-man wipes if analyzed. CISOs are urged to end implicit trust in CI/CD identities, break down security silos, adopt cross-functional monitoring, and prepare for AI-driven and polyglot supply-chain attacks.

⚠️ AI-powered VS Code forks such as Cursor, Windsurf, Google Antigravity and Trae were found recommending extensions that do not exist in the Open VSX registry, creating unclaimed namespaces attackers could register. Koi researcher Oren Yomtov showed that a single click on a suggested install (for example, a placeholder ms-ossdata.vscode-postgresql) can deploy a rogue package, and one placeholder received over 500 installs. Cursor and Google have released fixes, and the Eclipse Foundation removed non-official contributors and tightened registry safeguards. Developers should verify publishers before accepting IDE extension recommendations.

⚠ Forked IDEs based on Microsoft VSCode (such as Cursor, Windsurf, Google Antigravity and Trae) retain hardcoded extension recommendations that point to Microsoft's Visual Studio Marketplace. Because these forks use OpenVSX instead, several recommended publisher namespaces were unclaimed, enabling attackers to register them and publish malicious extensions. Supply-chain researchers at Koi claimed affected namespaces and uploaded inert placeholders while coordinating with the Eclipse Foundation to secure the registry.

🔒 A malicious NuGet package named "Tracer.Fody.NLog" was published on February 26, 2020 and impersonates the legitimate Tracer.Fody maintainer to deliver a cryptocurrency wallet stealer. The embedded Tracer.Fody.dll scans the default Stratis wallet directory (%APPDATA%\StratisNode\stratis\StratisMain), reads *.wallet.json files and in-memory passwords, and exfiltrates data to 176.113.82[.]163. Socket researcher Kirill Boychenko highlighted multiple evasion tactics — a typosquatted publisher name, Cyrillic lookalikes in code, and a hidden routine inside a helper method that runs during normal execution while suppressing exceptions.

⚠️ A malicious npm package, @acitons/artifact, impersonated the legitimate @actions/artifact module and was uploaded on November 7 to specifically target GitHub Actions CI/CD workflows. It included a post-install hook that executed an obfuscated shell-script named "harness," which fetched a JavaScript payload (verify.js) to detect GitHub runners and exfiltrate build tokens. Using those tokens the attacker could publish artifacts and impersonate GitHub; the package accrued over 260,000 downloads across six versions before detection.

🔍 Cybersecurity researchers uncovered a malicious npm package, @acitons/artifact, that typosquats the legitimate @actions/artifact package to target GitHub-owned repositories. Veracode says versions 4.0.12–4.0.17 included a post-install hook that downloaded and executed a payload intended to exfiltrate build tokens and then publish artifacts as GitHub. The actor (npm user blakesdev) removed the offending versions and the last public npm release remains 4.0.10. Recommended actions include removing the malicious versions, auditing dependencies for typosquats, rotating exposed tokens, and hardening CI/CD supply-chain protections.

🕵️ Researchers at Koi Security uncovered an ongoing npm credential-harvesting campaign called PhantomRaven, active since August 2025, that steals npm tokens, GitHub credentials and CI/CD secrets. The attacker hides malicious payloads using Remote Dynamic Dependencies (RDD), fetching code from attacker-controlled servers at install time to bypass static scans. The campaign leveraged slopsquatting—typo variants that exploit AI hallucinations—to increase installs; Koi found 126 infected packages with about 20,000 downloads and at least 80 still live at publication.

🛡️ Security researchers discovered two malicious Rust crates impersonating the legitimate fast_log library that covertly scanned source files for Solana and Ethereum private keys and exfiltrated matches to a hardcoded command-and-control endpoint. Published on May 25, 2025 under the aliases rustguruman and dumbnbased, the packages — faster_log and async_println — accumulated 8,424 downloads before crates.io maintainers removed them following responsible disclosure. Socket and crates.io preserved logs and artifacts for analysis, and maintainers noted the payload executed at runtime when projects were run or tested rather than at build time.