Sonatype examined 4,309 malicious open source packages and found that 91% relied on naming-variant tactics rather than classic typosquatting — a shift that turns what looks like routine dependency noise into a deliberate avenue for compromise.
Naming-variant tactics: moving beyond typosquatting
The firms' analysis shows that typosquatting — simple misspellings of a popular project — accounts for only 9% of malicious packages. Instead, attackers are adopting naming variants that fit naturally into developer workflows: plugins, configs, SDKs and wrappers that look adjacent to legitimate projects. Brian Fox, CTO and co‑founder of Sonatype, summed up the change bluntly: "Typosquatting is table stakes now."
Sonatype's finding matters because these adjacent names are not benign lookalikes. A package that appears to be a routine helper or plugin can deliver multi-stage behavior and sit on a developer's machine before it has built a reputation, Fox warned.
Suffix addition, prefixes and dependency-mimicry
Attackers have adopted a palette of subtle naming tricks. Sonatype recorded suffix addition as the single most common tactic, responsible for 43.6% of cases. Other observed approaches include prefixes, embedding target terms inside names, dependency‑confusion patterns and version mimicry.
These names succeed because they feel routine: developers expect popular frameworks to carry a long tail of add-ons, so words like "plugin," "config" and "sdk" rarely trigger suspicion. That everyday language gives attackers room to hide multi‑stage behavior in plain sight.
Payloads: host and secrets exfiltration, droppers and backdoors
Beyond naming, the payloads in these malicious packages are consequential. Sonatype reports the most common behaviors were host and secrets exfiltration, followed by droppers and backdoors. In practice, that turns a routine install into a route for credential theft and follow‑on compromise rather than a harmless dependency annoyance.
The combination of plausible packaging and effective payloads is what elevates the risk: attackers borrow the language and structure of real software ecosystems while embedding capabilities that can reach into developer machines and enterprise builds.
Targeted ecosystems: React, ESLint, Tailwind, crypto and DeFi
The activity clusters where adjacent packages are already common. React was the most‑targeted ecosystem, with 540 malicious packages identified by Sonatype. It was followed by the ESLint plugin and config ecosystem and Tailwind's library of add‑ons. Sonatype also flagged crypto and DeFi tooling as featuring heavily in the dataset.
Sonatype additionally pointed to evidence of industrialization: the same naming tactics, infrastructure and identities were reused across multiple package families instead of appearing as isolated, one‑off attempts. This reuse is why the vendor argues defenders should evaluate suspicious packages at the campaign and publisher level rather than in isolation.
What this means for security teams, developers, and procurement leaders
- Security teams: Typosquatting detection and static reputation checks are no longer sufficient. Sonatype urged organizations to add friction for first‑seen dependencies and to weigh naming patterns and publisher behavior before a component enters the build.
- Developers: Be alert to framework‑adjacent names — plugins, configs, SDKs and scoped modules — which are increasingly used as cover for exfiltration and backdoors. A malicious package may already be present on a machine before it shows any reputational signals.
- Procurement leaders and build owners: Scrutinize anything that looks framework‑adjacent and consider policies that impose review or delay for first‑seen dependencies, since attackers are reusing infrastructure and identities across package families.
Sonatype's central message is direct: attackers have graduated from simple misspellings to realistic impersonation that borrows the language and habits of real ecosystems. Defenders must stop treating each package as an island and start treating naming patterns, publisher behavior and first‑seen dependencies as indicators worthy of process and friction.
https://www.infosecurity-magazine.com/news/attackers-beyond-typosquatting/




