A typosquatting attack involves an attacker publishing a library whose name is a deliberate misspelling of a legitimate, popular one. The attacker then simply waits: any developer who mistypes the name of the library they wanted ends up installing the attacker's package instead.


The example referred to previously was published at the end of 2019. Although that is still fairly recent, further research by ReversingLabs has shown that typosquatting continues to be used in the wild.


That example concerned PyPI. A similar discovery has now been made in RubyGems, the package repository for Ruby: more than 700 typosquatted gems with malicious intent were found, all uploaded in February 2020.


Software developers using Windows systems appear to have been the targets, in particular those making bitcoin transactions. The intention is believed to have been to steal cryptocurrency by diverting it to a wallet of the attackers' choice.


Following this discovery, the malicious gems were removed from RubyGems a couple of days later.


Checking every library that is pulled into an application is not always straightforward, but the simple step of confirming that a dependency's name is spelled exactly as intended can be the difference between installing the genuine library and installing a malicious look-alike. A compromised dependency can lead to loss of data, with financial or reputational consequences to follow.


Controls such as screening libraries before they are approved for use, and serving dependencies from a repository mirror hosted inside your own network rather than directly from the public index, help lower the risk of a simple typing mistake becoming a compromise.
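As an added example of the screening step described above (this is illustrative code written for this page, not something from the original post or from ReversingLabs), the following Ruby script parses the gem declarations in a Gemfile and flags any name that is not on an approved list but sits within a small edit distance of an approved name, or differs from one only in the '-', '_' and '.' separators that typosquatters like to swap. The allow-list, the sample Gemfile and the distance threshold of 2 are all assumptions made for the example; in practice the list would be the contents of your vetted internal gem mirror.

```ruby
# Added example (not from the original post): a pre-install screen that parses
# the `gem` declarations in a Gemfile and flags names that are not on an
# approved list but sit within a small edit distance of an approved name, or
# differ from one only in '-' / '_' / '.' separators.

# Illustrative allow-list; an organisation would use the contents of its vetted
# internal gem mirror here. (Assumption for this example.)
KNOWN_GEMS = %w[rails rack nokogiri puma devise sidekiq rspec rubocop rest-client].freeze

# Constructed sample Gemfile mixing legitimate names with look-alikes.
SAMPLE_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  gem "rails", "~> 6.0"
  gem "nokogiri"
  gem "nokogirl"      # one substituted character
  gem "sidekik"       # one substituted character
  gem "rubocpo"       # two adjacent characters swapped
  gem "rest_client"   # separator swapped: '_' for '-'
  gem "rack-cors"     # legitimate gem that simply is not on the short allow-list
GEMFILE

# Optimal string alignment distance: Levenshtein (insert/delete/substitute)
# plus transposition of two adjacent characters, which is the most common
# typing slip and would otherwise cost 2.
def osa_distance(a, b)
  a = a.chars
  b = b.chars
  d = Array.new(a.size + 1) { |i| Array.new(b.size + 1) { |j| i.zero? ? j : (j.zero? ? i : 0) } }
  (1..a.size).each do |i|
    (1..b.size).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.size][b.size]
end

# Pull the gem names out of `gem "name", ...` lines. Deliberately simple: the
# example does not evaluate the Gemfile as Ruby.
def gem_names(gemfile_text)
  gemfile_text.scan(/^\s*gem\s+["']([^"']+)["']/).flatten
end

# Collapse the separators attackers like to swap so "rest_client" and
# "rest-client" compare equal.
def normalize(name)
  name.downcase.gsub(/[-_.]/, "")
end

# Returns { name => { verdict:, nearest:, distance: } } with verdict
# :approved (exactly on the list), :suspicious (separator swap or within
# max_distance of an approved name) or :unknown (needs a manual review).
def screen(gemfile_text, known: KNOWN_GEMS, max_distance: 2)
  gem_names(gemfile_text).each_with_object({}) do |name, out|
    if known.include?(name)
      out[name] = { verdict: :approved, nearest: name, distance: 0 }
      next
    end
    lookalike = known.find { |k| normalize(k) == normalize(name) }
    nearest = lookalike || known.min_by { |k| osa_distance(name, k) }
    distance = osa_distance(name, nearest)
    verdict = (lookalike || distance <= max_distance) ? :suspicious : :unknown
    out[name] = { verdict: verdict, nearest: nearest, distance: distance }
  end
end

if __FILE__ == $PROGRAM_NAME
  screen(SAMPLE_GEMFILE).each do |name, r|
    puts format("%-12s %-11s nearest=%-12s distance=%d", name, r[:verdict], r[:nearest], r[:distance])
  end
end
```

Run against the sample Gemfile, the four look-alikes come back as :suspicious with their intended target named, "rails" and "nokogiri" as :approved, and "rack-cors" as :unknown because it is simply absent from the short list. The distance check is a heuristic: short legitimate names will sometimes land within two edits of an approved one, so treat :suspicious and :unknown as a gate for human review rather than an automatic block, and pair the check with a Gemfile `source` that points at an internal mirror carrying only gems that have passed that review.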




Join us in a partnership founded in research, education and execution

Our success is built on protecting our clients’ success. We have a distinguished track record of supporting our clients in building secure by design environments. Our consultants have successfully ushered in new security practices in leading pharmaceutical, energy and retail institutions. Bramfitt has over 50 specialists around the world and we are committed to forging long-term relationships with our clients, providing them with genuine insight and practical advice, and supporting them as they navigate the everchanging security landscape.

Let us be your partner for the next phase of your security journey.
