Typosquatting
Pronunciation
[tahy-poh-skwot-ing]
Analogy
Like setting up a fake storefront with a name one letter off from a popular shop to fool customers into entering.
Definition
The malicious practice of registering domains or packages with slight misspellings of legitimate projects to trick users into visiting or installing harmful code.
Key Points Intro
Typosquatting exploits human errors in URLs or package names to distribute malware or scams.
Key Points
Look-alike domains: registers misspelled or visually similar domain names, not the legitimate one
Package clones: publishes packages whose names differ from a popular one by a dropped, added, swapped or punctuated character
Payload delivery: install-time scripts run the malicious code as soon as the package is fetched, before it is ever imported
User confusion: a one-character difference is easy to miss in a URL, a README, or an install command
Example
An attacker publishes an npm package named “expresss” (the real package name plus an extra 's'). Its install script exfiltrates the environment variables of whoever installs it, including any API keys, tokens, or cloud credentials they hold.
Technical Deep Dive
Automated scanners compare newly registered domains and newly published package names against lists of popular targets, flagging names within a small edit distance. Defensive registries apply similar checks at publish time (npm, for example, rejects new names that differ from an existing package only by punctuation, so “crossenv” cannot be published next to “cross-env”). Scoped names such as @org/package tie a package to a verified namespace, and two-factor authentication on maintainer accounts addresses the adjacent risk of a legitimate package being hijacked rather than cloned.
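The collision check described above, written out as an added example (not code from the original page or from any registry): a candidate name is normalized the way npm does (lowercase, punctuation dropped) and compared against a constructed list of popular packages using Damerau-Levenshtein distance, so a dropped, added, substituted or swapped character each counts as one edit. The popular-package list and the threshold are assumptions for illustration.

```python
"""Flag package names that sit one edit away from a popular package (added example)."""
import re

# Constructed stand-in for the top-N packages of a registry; a real scanner
# would pull this from registry download statistics.
POPULAR_PACKAGES = {"express", "lodash", "react", "cross-env", "requests", "urllib3", "numpy", "chalk"}


def normalize(name: str) -> str:
    """Lowercase and strip everything but letters and digits.

    Mirrors the punctuation-insensitive comparison a registry can apply at
    publish time, so 'cross-env' and 'crossenv' collide.
    """
    return re.sub(r"[^a-z0-9]", "", name.lower())


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or
    transpose two adjacent characters, each at cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def find_typosquat(candidate: str, popular=POPULAR_PACKAGES, max_distance: int = 1):
    """Return (popular_name, distance) if `candidate` looks like a typosquat, else None.

    The popular package itself (exact name) is never flagged. Very short names
    are one edit away from many other short names, so for them only a
    punctuation/case-only collision (distance 0) is reported.
    """
    norm = normalize(candidate)
    threshold = max_distance if len(norm) > 3 else 0
    best = None
    for target in popular:
        if candidate == target:
            return None  # the genuine package, not a look-alike
        dist = damerau_levenshtein(norm, normalize(target))
        if dist <= threshold and (best is None or dist < best[1]):
            best = (target, dist)
    return best


def scan_manifest(names):
    """Check every dependency name in a manifest; return only the suspicious ones."""
    return {n: hit for n in names if (hit := find_typosquat(n)) is not None}


if __name__ == "__main__":
    # Constructed dependency list mixing genuine names with look-alikes.
    deps = ["express", "expresss", "lodahs", "crossenv", "reuqests", "vue", "numpy"]
    for name, (target, dist) in scan_manifest(deps).items():
        print(f"{name!r} is {dist} edit(s) from popular package {target!r}")
```

Distance 1 catches the page's “expresss” example as well as transpositions like “lodahs”; distance 0 after normalization catches the punctuation-only collisions registries now block. Such a check belongs in CI as a gate on new dependencies, since it is cheap and produces no false positives on names that already exist in the lockfile.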
Security Warning
Installing a typosquatted package executes arbitrary code with the privileges of the installing user or CI job, typically through an install-time script that runs even if the package is never imported.
Caveat
Registry-side detection reduces but does not remove the risk. Consumers should pin exact versions in a lockfile, review the spelling of any newly added dependency against the upstream project, and disable lifecycle scripts where they are not needed (for example `npm install --ignore-scripts`) so a mistyped name cannot run code at install time.