Skip to main content

Tag: typosquatting

17 articles

User downloads software from computer in home office, with fake website and zip file in foreground.

ScreenConnect Exploited in Large-Scale Campaign Disguised as Freeware

Cybercriminals have launched a massive campaign disguising a malicious ScreenConnect installer as freeware, tricking users into downloading it from over 90 fake websites in 10 languages. The scam starts with a bogus OBS Studio download that secretly installs the ScreenConnect utility, ultimately delivering a nasty AsyncRAT payload.

Analyst 207
Developer workspace with laptop, terminal, and notes, hint of cloud diagram in background.

Malicious npm Packages Target Cloud Credentials

Malicious actors are targeting cloud credentials by publishing fake npm packages that mimic popular projects, allowing them to infiltrate developer environments and gain access to sensitive AWS and Elastic credentials. In just four hours, a single attacker published 14 malicious packages using cleverly disguised names.

Analyst 207
Cluttered workstation with laptops, notebooks, and software boxes shows signs of disarray.

Malicious Packages Exploit Realistic Identities

Malicious open source packages are getting smarter, with 91% using realistic identities and naming-variant tactics to blend in with legitimate projects, making them harder to spot. This shift away from simple typosquatting tricks means developers need to be extra vigilant when adding dependencies to their workflows.

Analyst 207
Cluttered coding workspace surrounds a laptop with a blurred webpage.

Typosquatting Evolves Into Supply Chain Threat

Typosquatting has morphed into a sinister supply chain threat, with attackers now embedding malicious lookalike domains within legitimate third-party scripts to intercept sensitive data. This alarming evolution has led to devastating attacks, such as the Trust Wallet compromise, where 2,500 wallets were drained in just 48 hours.

Analyst 207
Blurred computer screen amidst software development environment with hint of unease.

Shai-Hulud Malware Fuels npm Infostealer Campaign

Malicious actors have unleashed a new wave of chaos with the Shai-Hulud malware, using typosquatting tactics to spread four malicious npm packages that can steal sensitive info and wreak havoc on systems. The packages, published under the account deadcode09284814, masquerade as legitimate tools, but are actually designed to siphon off credentials, cloud configs, and more.

Analyst 207
Dimly lit laptop screen shows blurred software repository page with cursor over suspicious package.

Hugging Face Repository Exploits Typosquatting to Spread Infostealer Malware

Security researchers have uncovered a cunning malware attack on Hugging Face, where a fake repository mimicked a popular AI project, racking up over 244,000 downloads and 667 likes in just 18 hours. The malicious repository used a classic typosquatting trick to deceive users searching for the genuine project.

Analyst 207
Cluttered home office workstation with laptop displaying coding interface.

Malicious Hugging Face repository targets Windows users with infostealer malware

Malicious actors on Hugging Face tricked Windows users into downloading infostealer malware by creating a fake repository that mimicked OpenAI's popular Privacy Filter release. The rogue repository briefly shot to the top of Hugging Face's trending list, racking up 244,000 downloads before being swiftly removed.

Analyst 207
Cluttered developer workstation with laptop, notes, and coffee cups, blurred cityscape in background.

npm Ecosystem Faces Rising Threat from Sophisticated Malware Campaigns

The npm ecosystem's security has reached a critical turning point, with sophisticated malware campaigns on the rise and a new baseline of threats emerging since September 2025. Malicious actors are now exploiting developer trust, transforming nuisance attacks into high-consequence supply-chain threats.

Analyst 207
AtlasCross RAT Fuels Alarming Asia Cyber Espionage Expansion

AtlasCross RAT Fuels Alarming Asia Cyber Espionage Expansion

A new and sophisticated cyber threat, AtlasCross RAT, is targeting Chinese-speaking users in Asia, sparking concerns about the region's growing vulnerability to cyber espionage. As cyber adversaries expand their reach, the question is: are we prepared to face the rising tide of cyber attacks?

Analyst 207
Most Parked Domains Now a Stunningly Dangerous Threat

Most Parked Domains Now a Stunningly Dangerous Threat

Think typing a URL is safe? New research shows most parked domains—expired, dormant, or misspelled names—now funnel visitors into scams, fake installers and malware, so a simple typo or old bookmark can turn into a costly trap.

Analyst 207
Most Parked Domains Exclusive: Malicious Content Surge

Most Parked Domains Exclusive: Malicious Content Surge

Surprising new data shows most parked domains are now hosting malicious content—discover why parked domains are becoming a growing security risk and what easy steps you can take to stay protected.

Analyst 207
typosquatted npm package: Shocking Dangerous Heist

typosquatted npm package: Shocking Dangerous Heist

A single malicious line in a typosquatted npm package quietly CC’d thousands of Postmark emails to an attacker—turning a routine dependency into a stealthy data leak. It’s a wake‑up call: strong dependency hygiene, provenance checks, and runtime protections are essential to keep outbound messaging safe.

Analyst 207
fake IC3 pages: Must-See Dangerous Warning

fake IC3 pages: Must-See Dangerous Warning

Scammers are cloning the FBI’s IC3 complaint portal, turning the place victims go for help into a data‑harvesting trap. Before you report, verify fbi.gov links, use bookmarks, and follow official contact methods to keep your information safe.

Analyst 207
npm packages Must-Have Defense Against Risky Attacks

npm packages Must-Have Defense Against Risky Attacks

Attackers briefly pushed trojanized npm releases that spread fast through the cloud, mined only pennies, and left security teams scrambling to contain and remediate. It’s a wake‑up call: package convenience comes with real supply‑chain risk, so tighten controls, pin dependencies, and treat dependencies as first‑class security assets.

Analyst 207
supply chain attack: Stunning Near-Miss, Risky Lessons

supply chain attack: Stunning Near-Miss, Risky Lessons

A fast, coordinated open‑source response helped avert what could have been a massive npm supply‑chain breach, but the near miss raises urgent questions for developers, maintainers and policymakers about dependency hygiene, registry controls and long‑term resilience.

Analyst 207
malicious npm packages: Must-Stop Risky Supply-Chain Threat

malicious npm packages: Must-Stop Risky Supply-Chain Threat

Malicious npm packages and cloned GitHub repos are now weaponizing developer tooling to steal wallet keys and hijack Ethereum smart contracts, turning routine dependency installs into a direct route for theft. If you build dApps, treat every package as untrusted—use hardware wallets, isolate signing keys, and audit dependencies before they can cost you millions.

Analyst 207
malicious npm package: Risky Crypto-Theft Exclusive Alert

malicious npm package: Risky Crypto-Theft Exclusive Alert

A malicious npm package posing as the popular nodemailer email library slipped into projects with one line of dependency and carried code designed to siphon cryptocurrency—showing how a single careless install can turn a routine dependency into a financial threat. Audit your dependencies, pin versions, and use supply‑chain tools—convenience shouldn’t cost you your wallet.

Analyst 207