Attackers Move Past Typosquatting to Realistic Package Impersonation
✦ NabkaNews BriefAuto-summarized from multiple outlets · verify with the source
Attackers are reportedly moving beyond typosquatting to create realistic impersonations of packages, with some campaigns targeting web3 projects and crypto wallet operators. There are indications of a brandjacking campaign on npm, with lookalike packages hiding malicious code, including a multi-stage windows remote access trojan. The scope and details of the attacks are not entirely clear, with varying reports on the methods and targets involved.
Full coverage
12345678