GitHub Actions at Risk of Typosquatting, Putting Developers at Risk of Hidden Malicious Code

Threat actors have been using typosquatting to deceive unsuspecting users into visiting malicious websites or downloading harmful software. These attacks involve registering domains or packages with names slightly different from legitimate ones (e.g., goog1e.com vs. google.com).

Malicious actors have targeted open-source package registries such as PyPI, npm, Maven Central, NuGet, RubyGems, and crates.io, exploiting developers' typing errors to launch software supply chain attacks.

A recent report by cloud security firm Orca reveals that even GitHub Actions, GitHub's CI/CD platform, is vulnerable to typosquatting attacks. Security researcher Ofir Yakobi warned that a developer's typo in the name of a GitHub Action referenced from a workflow could lead to running malicious code unknowingly.

Attackers can create GitHub actions mimicking popular ones and exploit users’ spelling errors to run malicious actions, potentially tampering with source code, stealing information, and spreading malware.

Users are urged to verify the names and sources of actions, stick to trusted sources, and regularly check for typosquatting in their CI/CD workflows to prevent such attacks.
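The check described above can be automated. The following script is an added example, not part of the Orca report or of any GitHub tooling: it extracts every `uses: owner/repo@ref` reference from workflow YAML text, compares the owner against a constructed allowlist of trusted owners (`TRUSTED_OWNERS` is an assumption standing in for an organization's real list), and flags owners that are a small edit distance away from a trusted one as possible typosquats. The sample workflow is constructed for the demonstration.

```python
"""Scan GitHub Actions workflow text for action references whose owner is
either unknown or a near-miss of a trusted owner (a possible typosquat).
Added example; the allowlist and the sample workflow are constructed."""
import re
from typing import Dict, List, Tuple

# Constructed allowlist: owners this hypothetical organization trusts.
TRUSTED_OWNERS = {"actions", "docker", "github", "hashicorp"}

# Matches `uses: owner/repo[/subpath]@ref` lines in a workflow file.
# Local actions (`./path`) and `docker://` images do not match and are skipped.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?"
    r"([A-Za-z0-9_.-]+)/([A-Za-z0-9_.-]+)(?:/[^@\s'\"]*)?@(\S+?)['\"]?\s*$",
    re.MULTILINE,
)

# Constructed sample workflow: one trusted owner, two near-misses, one unknown.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: action/setup-node@v4
      - uses: d0cker/login-action@v3
      - uses: someorg/internal-tool@v1
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute); small values mean near-miss names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_uses(workflow: str) -> List[Tuple[str, str, str]]:
    """Return (owner, repo, ref) for every remote action reference in the text."""
    return [(m.group(1), m.group(2), m.group(3)) for m in USES_RE.finditer(workflow)]


def classify(owner: str, trusted=TRUSTED_OWNERS, max_distance: int = 2) -> str:
    """'trusted' if allowlisted, 'suspicious (...)' if close to an allowlisted
    owner, otherwise 'untrusted' (needs manual review, not necessarily bad)."""
    lower = owner.lower()
    if lower in trusted:
        return "trusted"
    for t in sorted(trusted):  # sorted so the verdict is deterministic
        if levenshtein(lower, t) <= max_distance:
            return f"suspicious (near-miss of '{t}')"
    return "untrusted"


def scan(workflow: str) -> List[Dict[str, str]]:
    """Classify the owner of each action reference found in the workflow text."""
    return [
        {"action": f"{owner}/{repo}", "ref": ref, "owner_verdict": classify(owner)}
        for owner, repo, ref in parse_uses(workflow)
    ]


if __name__ == "__main__":
    for finding in scan(SAMPLE_WORKFLOW):
        print(f"{finding['action']}@{finding['ref']}: {finding['owner_verdict']}")
```

Run against real workflows by reading each file under `.github/workflows/` and passing its text to `scan`; anything reported as `suspicious` deserves a look at the action's actual repository before the workflow is merged, and `untrusted` entries are candidates for adding to the allowlist after review.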

Yakobi emphasized the need for vigilance in preventing typosquatting attacks, especially in private repositories where the impact of such attacks could be more severe.
