Attackers Move Past Typosquatting to Realistic Package Impersonation
Source: Infosecurity-Magazine
Published:
Most malicious open source packages have moved beyond misspelling popular project names, instead disguising themselves as plausible plugins, configs and helpers that fit naturally into a developer's workflow.

That is the central finding of new analysis by Sonatype, which examined 4309 mali