Supply Chain Attack Detection

Typosquatting

Typosquatting is a malicious technique leveraged in software supply chain attacks. Attackers exploit developers' tendency to make typos when entering package names by creating packages with names that closely resemble those of legitimate, popular packages. These malicious packages are then uploaded to public repositories, hoping developers will unknowingly install them instead of the intended ones.

How Typosquatting Works in a Supply Chain Attack

  • Identify Popular Packages: Attackers target widely used and trusted packages within the development community.
  • Create Typosquatted Packages: Attackers develop malicious packages with names that are slightly misspelled versions of the legitimate packages. Common tactics include:
    • Single character substitutions (e.g., "jquery" vs. "jequery")
    • Swapping of adjacent characters (e.g., "lodash" vs. "loshda")
    • Missing or extra characters (e.g., "react" vs. "reactj")
  • Upload to Public Repositories: Attackers upload these typosquatted packages to public package repositories, hoping they'll be indexed and appear in search results.
  • Exploit Developer Mistakes: When developers make typos while searching for or installing packages, they might unknowingly install the malicious typosquatted package instead of the legitimate one.
  • Compromise Development Environment: Once installed, the malicious package can execute arbitrary code within the development environment, potentially leading to:
    • Data Exfiltration: Stealing sensitive information from the development environment.
    • System Compromise: Gaining unauthorized access to development systems.
    • Supply Chain Compromise: Introducing malicious code into the final application, impacting end-users.
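The three naming tactics listed above (single-character substitution, adjacent-character swap, and a missing or extra character) are all single edits, which makes them cheap to check for on the defender's side. The following is an added example, not Myrror's code: it normalizes dependency names the way PyPI does (PEP 503), classifies each name that is exactly one edit away from an entry in a constructed allowlist of popular packages, and reports it with the kind of edit. The allowlist, the sample requirements file and the helper names are all constructed for this illustration.

```python
"""Flag dependency names that are one edit away from a known, popular package.

Added example, not Myrror's code. The allowlist and the sample manifest are
constructed for this demonstration.
"""
import re

# Constructed allowlist of legitimate names. In practice this would come from a
# curated internal list or from registry download statistics.
POPULAR_PACKAGES = {"requests", "numpy", "lodash", "jquery", "react", "urllib3"}


def normalize(name: str) -> str:
    """Normalize a name the way PyPI does (PEP 503): case-fold and treat any
    run of '-', '_' or '.' as a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_kind(candidate: str, legit: str):
    """Return the single edit that turns `legit` into `candidate`, or None if
    the names are identical or differ by more than one edit.

    Kinds: 'substitution', 'transposition' (adjacent swap), 'insertion'
    (extra character) and 'deletion' (missing character)."""
    if candidate == legit:
        return None
    lc, ll = len(candidate), len(legit)
    if lc == ll:
        diffs = [i for i in range(lc) if candidate[i] != legit[i]]
        if len(diffs) == 1:
            return "substitution"
        if (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and candidate[diffs[0]] == legit[diffs[1]]
                and candidate[diffs[1]] == legit[diffs[0]]):
            return "transposition"
        return None
    if abs(lc - ll) != 1:
        return None
    longer, shorter = (candidate, legit) if lc > ll else (legit, candidate)
    # Deleting exactly one character from `longer` must yield `shorter`.
    for i in range(len(longer)):
        if longer[:i] + longer[i + 1:] == shorter:
            return "insertion" if lc > ll else "deletion"
    return None


def find_lookalikes(dependencies, popular=POPULAR_PACKAGES):
    """Return (dependency, legitimate_name, edit_kind) for each dependency
    that is not itself on the allowlist but is one edit away from an entry."""
    canon = {normalize(p): p for p in popular}
    findings = []
    for dep in dependencies:
        n = normalize(dep)
        if n in canon:
            continue  # exact match with a legitimate package
        for legit_norm, legit in canon.items():
            kind = edit_kind(n, legit_norm)
            if kind:
                findings.append((dep, legit, kind))
    return findings


def parse_requirements(text: str):
    """Extract bare package names from pip-style requirement lines."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names.append(re.split(r"[=<>!~\[; ]", line, maxsplit=1)[0])
    return names


# Constructed requirements file containing three lookalike entries.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
numpy>=1.26
reqeusts==2.31.0
urlib3==2.2.0
Lodash
jquery1==1.0
"""

if __name__ == "__main__":
    for dep, legit, kind in find_lookalikes(parse_requirements(SAMPLE_REQUIREMENTS)):
        print(f"{dep!r} looks like {legit!r} ({kind})")
```

Run against the constructed manifest, the check reports `reqeusts` (adjacent swap of `requests`), `urlib3` (missing character from `urllib3`) and `jquery1` (extra character on `jquery`), while `Lodash` passes because normalization maps it onto the legitimate name. A check like this belongs in CI as a gate on lockfile or manifest changes; it is a cheap first filter, not a substitute for inspecting what the package actually does, since a lookalike name can also be a harmless fork and a malicious package can have an unrelated name.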

Myrror Security's Advantage in Detecting Typosquatting Attacks

Myrror Security, the industry-leading SCA solution with a focus on reachability and exploitability prioritization, offers a robust defense against typosquatting attacks:

  • Package Dependency Analysis: Myrror Security meticulously analyzes all dependencies within your project, identifying not only the intended packages but also any typosquatted variants that might be present.
  • Vulnerability Detection: Myrror Security's comprehensive vulnerability database includes known typosquatting attempts, allowing it to flag these malicious packages and alert developers before installation.
  • Risk Prioritization: By prioritizing vulnerabilities based on reachability and exploitability, Myrror Security focuses your attention on the typosquatted packages with the highest potential for causing damage. This saves development teams time and resources by directing efforts toward the most critical threats.

Myrror Security has developed analysis engines with reachability analysis that are fully capable of hunting these types of sneaky attacks. By design, Myrror takes the final builds of the dependencies and understands them well before proceeding to find paths to their vulnerabilities. Since the typosquatted dependency contains malicious code, Myrror would flag it as a security flaw due to the suspicious code pattern, regardless of the name itself. This adds an extra layer of security when analyzing whether a dependency has been manipulated. Myrror not only finds whether such a sneaky attack has happened, but also identifies the malicious code and provides pinpoint data to the security professional, with priorities as well as a remediation plan for patching it.

Configuring Myrror to Scan for Malicious Code Detection

To enable the detection of typosquatting, you can add it from the configuration settings of Myrror. Myrror supports scan configurations that developers can define and use according to their requirements. Among these scan configuration options there is a section for toggling the Tampering & Risky Code (Trojans) and Supply Chain (Trojan) options. Enabling this option enables the detection of typosquatting in repositories.


Open the Scan Configurations menu and select the scan option that needs to be updated with Detection of Typosquatting, or create a new scan option if required by clicking the + button.


Multiple scan configurations can be defined and used according to your requirements and the frequency of scanning.

Recommendations for Developers

Here are some best practices to mitigate the risk of typosquatting attacks:

  • Double-check Package Names: Pay close attention to spelling and avoid typos when searching for or installing packages.
  • Verify Package Details: Before installing a package, review its description, author information, and reviews to ensure its legitimacy.
  • Leverage Version Control: Utilize version control systems to track package versions and revert to previous versions if necessary.
  • Enable Multi-Factor Authentication (MFA): Implement MFA on package repository accounts to add an extra layer of security.
  • Stay Informed: Keep yourself updated on the latest typosquatting trends and vulnerabilities.

By following these recommendations and utilizing Myrror Security's advanced SCA capabilities, developers can significantly reduce the risk of falling victim to typosquatting attacks and ensure a secure software development lifecycle.
