Attackers Widen Package Deception Beyond Typosquatting Arabian Post

(MENAFN- The Arabian Post) clearfix"> Cybercriminals are shifting from crude misspellings of trusted software packages to more convincing names that appear to belong inside legitimate developer ecosystems, raising fresh concern across open-source security teams and enterprise software supply chains.

The change marks a significant evolution in package impersonation attacks. Rather than relying only on a developer mistyping a package name, malicious publishers are creating packages that look like natural extensions, plugins, configuration tools, SDKs, wrappers or versioned variants of widely used projects. The tactic exploits the way modern developers work, where new dependencies are often added quickly under deadline pressure and where popular frameworks commonly have large surrounding ecosystems of add-ons.

Analysis of 4,309 malicious packages found that 91 per cent of brandjacking malware went beyond the traditional typosquatting pattern, while only 9 per cent relied on straightforward misspellings. The most common tactic was suffix addition, accounting for 43.6 per cent of observed naming-variant techniques. These names often make a malicious package look related to a familiar project without copying it exactly.

Security researchers say the strategy is more dangerous because it blends into normal software development behaviour. Developers expect ecosystems such as React, ESLint, Tailwind and crypto tooling to include numerous related packages, including plugins, helper utilities, forms libraries, configuration modules and integration tools. Attackers are exploiting that expectation by making malicious packages appear adjacent to trusted projects rather than identical to them.

The threat is not confined to nuisance code or low-level spam. The dominant malicious behaviours identified in the dataset include host information exfiltration, secrets theft, droppers, backdoors and obfuscated code. Host and secrets exfiltration together accounted for more than half of observed threat labels, showing that attackers are prioritising developer environments, build pipelines and credentials over simple disruption.

See also Carnival breach raises cruise data risks

The theft of environment variables, registry tokens, cloud keys, GitHub tokens, SSH credentials and continuous integration secrets can turn one package installation into a wider compromise. A stolen token may allow attackers to publish malicious updates, reach source-code repositories, tamper with builds or gain access to cloud infrastructure. That makes package impersonation a pathway into trusted software projects rather than a narrow attack on individual developers.

React was the most heavily targeted ecosystem in the analysed brandjacking data, with 540 malicious packages aimed at 77 legitimate packages. ESLint followed with 220 malicious packages targeting 36 legitimate packages, while Tailwind-related campaigns involved 165 malicious packages aimed at 13 legitimate packages. Crypto and decentralised finance tooling also remained attractive, with 114 malicious packages targeting 10 legitimate packages.

The broader open-source malware picture has also worsened. More than 454,600 new malicious packages were identified during 2025, taking the cumulative total of known and blocked malicious packages above 1.23 million across npm, PyPI, Maven Central, NuGet and Hugging Face. npm remains the most exposed registry by volume, reflecting its scale, fast-moving dependency culture and heavy use in front-end and full-stack development.

The trend has unfolded alongside a string of high-impact supply-chain incidents involving both fake packages and compromised legitimate ones. Attacks against established npm packages have shown that threat actors are not relying on one route into the software chain. Some campaigns use plausible package names to lure developers, while others target maintainers through phishing or credential theft and then publish poisoned versions of real packages.

That dual approach is forcing security teams to reassess older defences. Traditional controls often focus on known-bad packages, exact-name typos, popularity signals or vulnerability databases. Those methods can miss newly published packages that look operationally normal, especially when attackers use convincing naming structures and clean-looking metadata before malicious behaviour is detected.

See also Hack contest exposes AI security gaps

The rise of artificial intelligence in development workflows is adding another layer of risk. Coding assistants and autonomous agents can suggest or install dependencies while resolving build errors, sometimes without enough context about package provenance or malicious indicators. That creates an opening for naming-variant attacks to spread through automated development behaviour, not only human error.

Security specialists are urging organisations to add stronger review points before unfamiliar dependencies enter developer machines, test environments or CI/CD pipelines. Higher scrutiny is especially important for packages that appear to be plugins, wrappers, SDKs, scoped modules, configuration helpers or version-like variants of popular projects.

Defenders are also moving towards campaign-level detection, examining publisher behaviour, naming patterns, package clusters and cross-ecosystem activity instead of treating every package as an isolated decision. A package that looks harmless on its own may appear suspicious when connected to repeated naming tactics, shared infrastructure or coordinated publication patterns.

MENAFN29052026000152002308ID1111184666