Hackers use typosquatting to trojanize 700 libraries in Ruby Repository


In the traditional sense, we usually come across typosquatting in the form of attackers creating misspelled domain names to trick users away from legitimate sites. But this time, hackers have changed their approach.


According to IT security researchers at ReversingLabs, a lesser-known application of typosquatting was observed in which 700 malicious Ruby libraries, or gems, engineered to steal cryptocurrencies were uploaded to the RubyGems repository under misspelled names in a bid to get unsuspecting developers to download them.




The uploads are believed to have been made between 16 and 25 February 2020 by two user accounts named “Jim Carrey” and “PeterGibbons”, with the latter still active at the time of discovery.



Delving into the specifics, these libraries were copies of legitimate ones that had been modified by adding malicious files. According to ReversingLabs, the firm that revealed the campaign, this extra file was named aaa.png, but it was in fact a Windows PE executable and not ..
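
A defender-side check for the masquerading described above, written here as an added example (not code from ReversingLabs or RubyGems): it walks an unpacked gem directory and flags files that carry an image extension but whose bytes form a Windows PE header. The directory layout, helper names and sample bytes are constructed for illustration; only the file name aaa.png comes from the article.

```ruby
require "find"
require "tmpdir"

PNG_MAGIC  = "\x89PNG\r\n\x1A\n".b
IMAGE_EXTS = %w[.png .jpg .jpeg .gif .bmp .ico].freeze

# True if the bytes start a Windows PE image: an "MZ" DOS header whose
# e_lfanew field (offset 0x3C, little-endian u32) points at "PE\0\0".
def pe_header?(head)
  return false unless head && head.bytesize >= 0x40 && head.start_with?("MZ".b)
  pe_off = head.byteslice(0x3C, 4).unpack1("V")
  head.byteslice(pe_off, 4) == "PE\0\0".b
end

# Walk an unpacked gem (for example the output of `gem unpack`) and return
# the relative paths of files named like images but containing a PE header.
def disguised_executables(root)
  hits = []
  Find.find(root) do |path|
    next unless File.file?(path)
    next unless IMAGE_EXTS.include?(File.extname(path).downcase)
    head = File.binread(path, 4096) # nil for an empty file
    hits << path.delete_prefix("#{root}/") if pe_header?(head)
  end
  hits.sort
end

# Constructed sample: a fake unpacked gem holding one file with a genuine
# PNG signature and one minimal PE stub saved as aaa.png (bytes are made up).
def build_sample(root)
  Dir.mkdir(File.join(root, "assets"))
  File.binwrite(File.join(root, "assets", "logo.png"), PNG_MAGIC + "\0".b * 64)
  stub = "MZ".b + "\0".b * 0x3A + [0x40].pack("V") + "PE\0\0".b
  File.binwrite(File.join(root, "aaa.png"), stub)
  File.write(File.join(root, "lib.rb"), "puts 'hi'\n")
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    build_sample(dir)
    puts disguised_executables(dir)
  end
end
```

The check reads only the first 4096 bytes of each file, so a PE header placed beyond that offset is not examined.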
