coolvilla.blogg.se - Examples of typosquatting

EXAMPLES OF TYPOSQUATTING SOFTWARE
EXAMPLES OF TYPOSQUATTING DOWNLOAD

The funds are transferred into several mining pools, including: The payload shell script downloads and executes a 3rd party crypto miner, either T-Rex for mining Ethereum or ubqminer / PhoenixMiner for mining Ubiq.

EXAMPLES OF TYPOSQUATTING DOWNLOAD

The malicious packages download and execute a payload shell script.Some of the above packages were just proxy packages, which included an actual malicious package as part of their dependencies.learninglib, mllearnlib – Typosquatting packages alluding to learnlib and mllearn.

Maratlib, maratlib1, mplatlib, matplatlib-plus – Typosquatting packages alluding to the popular matplotlib or mplotlab.

The attacker published six malicious packages into PyPI –.

The typosquatting attack flow of the malicious published packages can be summarized in the following way:

Present actionable solutions that developers may use to detect and prevent such attacks on their machines.

Analyze a newer variant of one of the attacking packages.

Present an easy way to deobfuscate the attacker’s packages.

Discuss additional methods for automatically detecting these malicious packages which may indicate a possible supply chain attack.

In this blog post, we present our own additional research done on top of a novel detection by Sonatype, where a few PyPI packages were detected as malicious packages, packing a crypto-miner payload that mines Ethereum or Ubiq for the attacker.

EXAMPLES OF TYPOSQUATTING SOFTWARE

The implications can be severe: in many cases, it can mean a complete takeover of the developed program or device by an attacker.Īttackers attempt to generate this scenario in several ways, among them trying to introduce malicious or vulnerable code into open-source projects and using Typosquatting – adding malicious code into software repositories such as PyPI and npm under names which could be included in a project by mistake (such as misspelled names of legitimate software packages). The complexity of the modern software development process and its reliance on large community-maintained codebases introduces a risk for developers to inadvertently include malicious code into the project. Itay Vaknin, Threat Intelligence Researcher.