Linux, macOS users infected with malware posing as legitimate Go packages



Typosquatting is a technique attackers use to create malicious websites, domains, or software packages with names that closely resemble legitimate ones. By exploiting common typing errors or slight variations, attackers trick users into downloading malware, revealing sensitive information, or installing harmful software.

Removal of the malicious packages from the Go Module Mirror has been requested, along with the flagging of the associated GitHub repositories and user accounts, the post added.

Typosquatting Hypert, Layout for RCE and more

According to the findings, the attackers cloned the popular “hypert” library, which developers use for testing HTTP API clients, and released four fake versions embedded with remote code execution functions. The typosquatted clones included github.com/shallowmulti/hypert, github.com/shadowybulk/hypert, github.com/belatedplanet/hypert, and github.com/thankfulmai/hypert.

One particular package, “shallowmulti/hypert”, executed shell commands to download and run a malicious script from alturastreet[.]icu, a typo variation of the legitimate banking domain alturacu.com.
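A dependency check for the cloning pattern described above, as an added example that is not part of the original article: it flags go.mod requirements that reuse a vetted package's short name under a different owner. The allowlist path github.com/example-org/hypert is a placeholder (the article does not give the legitimate module path), and the go.mod content is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// trusted maps a short package name to the one vetted module path (placeholder, not hypert's real path).
var trusted = map[string]string{"hypert": "github.com/example-org/hypert"}
// sampleGoMod is constructed input; the two clone paths are named in the article.
const sampleGoMod = `module example.com/app
require (
	github.com/example-org/hypert v0.1.0
	github.com/shallowmulti/hypert v0.1.1 // indirect
)
require github.com/thankfulmai/hypert/v2 v2.0.0
`

// shortName returns the last path element, skipping a major-version suffix such as /v2.
func shortName(path string) string {
	p := strings.Split(path, "/")
	last := p[len(p)-1]
	if len(p) > 1 && len(last) > 1 && last[0] == 'v' && strings.Trim(last[1:], "0123456789") == "" {
		last = p[len(p)-2]
	}
	return last
}

// Lookalikes lists required modules that reuse a trusted short name under another path.
func Lookalikes(goMod string) (hits []string) {
	inBlock := false
	for _, line := range strings.Split(goMod, "\n") {
		line = strings.TrimSpace(line)
		single := strings.HasPrefix(line, "require ")
		f := strings.Fields(strings.TrimPrefix(line, "require "))
		switch {
		case len(f) == 0:
		case f[0] == "(" || f[0] == ")":
			inBlock = single && f[0] == "(" // only a require block is scanned
		case single || inBlock:
			want, ok := trusted[shortName(f[0])]
			if ok && f[0] != want && !strings.HasPrefix(f[0], want+"/") {
				hits = append(hits, f[0])
			}
		}
	}
	return hits
}
func main() { fmt.Println(Lookalikes(sampleGoMod)) }
```

A hit means only that the name collides with a vetted module; it still has to be reviewed by a person before the dependency is removed or blocked.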
