Typosquatting is a very common form of digital attack. The principle is extremely simple and one can easily be fooled if one is not careful.

There are so many ways for malware to infect your devices that it’s hard to know them all, but typosquatting is one of the most devious. As the name suggests, hackers create sites, download links, and other URLs that look official but are malicious, relying on slight misspellings that are hard to detect.

The idea is simple, but typosquatting is extremely effective. According to a recent study by Cyble and BleepingComputer, there are hundreds of such URLs built on common typos whose sole purpose is to infect Android or Windows devices with malware. And that covers only specific typosquatting campaigns. It is important to know how these attacks work and how to protect against them.

A typosquatting attack can succeed in several ways. For example, hackers can create convincing login screens for popular apps and sites like TikTok or Twitter. Users “log in” to the fake site, thinking they are on the legitimate one, and thus hand over their usernames and passwords, opening the door to a whole lot of unfriendly things.

Hackers can also publish malicious versions of popular apps, GitHub repos or other very common files via URLs that closely resemble official URLs. Sometimes they even use cloned versions of the files, to make them look legitimate, while secretly containing malware.

The typosquatting campaigns that Cyble and BleepingComputer uncovered use dangerous malware like Vidar Stealer that focuses on your banking information, logins, and other important personal data; Agent Tesla, which collects your information from browsers, VPNs and other apps; and even cryptocurrency theft programs.

Whatever is behind these misspelled URLs, the goal is to trick people into opening fake links instead of the real ones. A popular method is to use such links in phishing and smishing campaigns. Malicious people send emails or text messages claiming to come from some official service, and users click on the link. Sometimes users simply make a typo in a URL or search term and land on a page with malware or download a dangerous file.

The best way for companies to combat these attacks is to buy these misspelled URLs themselves, so hackers can’t use them. That being said, there are ways for users to avoid them, if you know what to look for.

As is often said about phishing attacks, the easiest solution is to never click on links or download files from unknown or suspicious sources. Enabling spam filters can help, but some bogus links may still get through. Learn to spot the signs of phishing.

That being said, you can also stumble upon a typosquatting link through your own mistake when typing in a URL. So get into the habit of carefully checking the site or link address you enter. You can also bookmark the sites you visit most often. That way you can be sure to arrive on the real page.

Similarly, make sure it’s the correct download link on sites like GitHub. Check the spelling to download the real content.

Another important check: the presence of HTTPS, which is more secure than HTTP. Some browsers have an option to “force HTTPS” and often won’t connect you to sites that don’t use HTTPS without telling you first.

Finally, good anti-malware software can serve as a last line of defense against a malicious file that you accidentally downloaded. But don’t just rely on it. You need to be proactive on a daily basis.

