Typosquatting is a method employed by cybercriminals to create deceptive websites, domains, or software packages that closely imitate legitimate ones. By taking advantage of common typing mistakes or minor discrepancies in spelling, these attackers are able to mislead users into downloading malware, disclosing sensitive personal information, or inadvertently installing harmful software.
In light of recent findings, a request has been made to remove the malicious packages from the Go Module Mirror. Additionally, efforts are underway to flag the GitHub repositories and user accounts associated with these threats.
Typosquatting of Hypert: Layout for RCE and More
The investigation revealed that attackers have created counterfeit versions of the widely used “hypert” library, which is essential for developers testing HTTP API clients. Four fraudulent releases were identified, all containing embedded functions designed for remote code execution. These typosquatting clones include the following versions: github.com/shallowmulti/hypert, github.com/shadowybulk/hypert, github.com/belatedplanet/hypert, and github.com/thankfulmai/hypert.
One notable package, “shallowmulti/hypert,” was particularly malicious. It executed shell commands aimed at downloading and running a harmful script from a domain variation (alturastreet[.]icu) that closely resembles the legitimate banking website alturacu.com.
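A defensive check for the clone pattern described above, added here as an example and not taken from the original article or the hypert project: it scans a go.mod file for required modules that reuse a trusted module's repository name under a different host or owner. The trusted path github.com/example-owner/hypert is a placeholder for the real maintainer's path, and the sample go.mod and its version numbers are constructed.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// requiredModules returns module paths from go.mod require directives.
func requiredModules(goMod string) (mods []string) {
	inBlock := false
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop trailing comments such as "// indirect"
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case inBlock && len(f) == 2:
			mods = append(mods, f[0])
		case len(f) == 3 && f[0] == "require":
			mods = append(mods, f[1])
		}
	}
	return mods
}

// FindImpostors flags modules that reuse a trusted repository name under another host or owner.
func FindImpostors(goMod string, trusted []string) (hits []string) {
	byName := map[string]string{} // repository name -> trusted full path
	for _, t := range trusted {
		byName[path.Base(t)] = t
	}
	for _, m := range requiredModules(goMod) {
		p := m
		if b := path.Base(m); len(b) > 1 && b[0] == 'v' && strings.Trim(b[1:], "0123456789") == "" {
			p = path.Dir(m) // ignore a major-version suffix such as /v2
		}
		if t, ok := byName[path.Base(p)]; ok && p != t {
			hits = append(hits, m)
		}
	}
	return hits
}

// Constructed go.mod; "example-owner" is a placeholder, not the real maintainer.
const sampleGoMod = "module example.test/app\n\nrequire (\n\tgithub.com/example-owner/hypert v0.1.0\n" +
	"\tgithub.com/shallowmulti/hypert v0.1.0 // indirect\n)\nrequire github.com/thankfulmai/hypert v0.1.0\n"
func main() { fmt.Println(FindImpostors(sampleGoMod, []string{"github.com/example-owner/hypert"})) }
```

A hit means the dependency should be reviewed before it is built or run; the check only matches exact repository names, so misspelled names need a separate comparison.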
Source: www.csoonline.com