A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.
That’s according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and steadily grew since then, from about 50 packages to more than 200.
Typosquatting refers to the practice of naming a malicious copycat file, package, web address and so on with a name that is so similar to an existing legitimate offering that the casual observer might not notice the difference. An example of typosquatting would be using “www.go0gle.com” (the second “o” is actually a zero) to lure in victims to a watering hole – obviously trying to masquerade as the ubiquitous search engine.
In this case, the cyberattackers were pretending to offer a key set of existing, legitimate packages for Azure.
“It became apparent that this was a targeted attack against the entire @azure npm scope, by an attacker that employed an automatic script to