Typosquatting Dependencies
Typosquatting Dependencies is a Resource Development technique in which attackers publish malicious packages under names deliberately similar to legitimate, popular dependencies. The adversary relies on common typing mistakes, misspellings, transposed or dropped characters, regional spelling variants, and alternative separators or prefixes (for example a hyphen in place of an underscore, or a "python-" prefix) that a developer might type when adding a dependency. When a developer installs the lookalike package, its malicious code runs in the development environment or the production system, often directly from an install hook such as an npm preinstall/postinstall script or a Python setup.py, and can establish persistence, exfiltrate secrets such as environment variables and credentials, or open backdoor access. The technique has been observed across multiple package ecosystems, including npm, PyPI, RubyGems, and Maven, and it works best where dependency names are typed by hand, whether in a manifest or on the command line, rather than resolved from a lockfile. Its effectiveness comes from being passive: the attacker exploits nothing and simply waits for a predictable mistake in the development workflow. Pinning dependencies, committing lockfiles, and screening new dependency names against a list of trusted packages before installation all reduce the window in which such a mistake goes unnoticed.
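The following is an added example, not code from the original page or from any package registry: a small screening check that flags dependency names which are suspiciously close to a trusted package list using the name variations described above (single-character edits, adjacent transpositions, and prefix/suffix variants). The trusted-package list and the sample requirements text are constructed for illustration; in practice the list would come from an organization's own approved-dependency inventory.

```python
"""Flag dependency names that look like typosquats of trusted packages.

Added example for this page; not part of the original text or any project.
The trusted list and the sample requirements below are constructed.
"""
from __future__ import annotations

import re

# Constructed allow-list of package names an organization trusts.
POPULAR_PACKAGES = {
    "requests", "urllib3", "numpy", "pandas", "colorama", "python-dateutil",
    "boto3", "cryptography", "pyyaml", "setuptools",
}

# Constructed requirements.txt-style input; names marked as lookalikes are
# chosen to exercise the checks, not taken from any real incident.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not from a real project
requests==2.31.0
requets>=2.0        # dropped 's' -> looks like requests
python-dateutil
colourama           # regional spelling of colorama
numpy>=1.26
python-requests     # prefixed lookalike of requests
urlib3              # dropped 'l' -> looks like urllib3
"""


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of -, _ and . to '-'.
    Indexes treat those as the same name, so compare normalized forms."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_transposition(a: str, b: str) -> bool:
    """True if a and b differ only by swapping two adjacent characters."""
    if len(a) != len(b):
        return False
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(diffs) != 2 or diffs[1] != diffs[0] + 1:
        return False
    i, j = diffs
    return a[i] == b[j] and a[j] == b[i]


def typosquat_candidates(name: str, popular: set[str] = POPULAR_PACKAGES,
                         max_distance: int = 1) -> list[str]:
    """Return trusted packages that `name` is suspiciously close to.

    An exact (normalized) match is a legitimate dependency, not a typosquat.
    A hit is: edit distance <= max_distance, an adjacent transposition, or a
    common prefix/suffix variant ("python-x", "pyx", "x-python", "xpy").
    """
    n = normalize(name)
    hits = []
    for p in popular:
        pn = normalize(p)
        if n == pn:
            return []
        variants = {f"python-{pn}", f"py{pn}", f"{pn}-python", f"{pn}py"}
        if levenshtein(n, pn) <= max_distance or is_transposition(n, pn) or n in variants:
            hits.append(p)
    return sorted(hits)


def audit_requirements(text: str) -> dict[str, list[str]]:
    """Scan requirements.txt-style text; map suspicious names to lookalikes."""
    findings: dict[str, list[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment-only, or an option such as -r/--index-url
        pkg = re.split(r"[<>=!~\[; ]", line, maxsplit=1)[0]
        hits = typosquat_candidates(pkg)
        if hits:
            findings[pkg] = hits
    return findings


if __name__ == "__main__":
    for pkg, lookalikes in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"suspicious: {pkg!r} resembles {lookalikes}")
```

Run as a pre-install gate (for example in CI before `pip install -r`), the check turns a silent typo into a failed build that a human has to review. Edit distance 1 is deliberately tight: a larger threshold catches more lookalikes but also flags unrelated short names, so widen it only with a reviewed allow-list of known-legitimate near-neighbours.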