Police have issued a warning about the growing menace of typosquatting, a cybercrime in which fraudsters create websites with misspelled addresses of well-known organisations to trick users into visiting scam sites. https://english.mathrubhumi.com/news/india/typosquatting-scams-avoid-fake-websites-india-uj75g416?utm_source=dlvr.it&utm_medium=mastodon #typosquatting #cybercrime #onlinescam #fakewebsites #phishing
#typosquatting
A simple typo could be the door hackers use to break in. Malicious npm packages with nearly identical names are now tricking developers to steal credentials and data. Curious how a spelling error can lead to major breaches?
#npmsecurity
#typosquatting
#supplychainattack
#malware
#infostealer
HACKLOG 2x14 - Attacchi al Dominio Web e Domain Hijacking (Cyber/Typosquatting, Enumerazione)
🛠 Typo Sniper is an async typosquatting & domain threat intelligence scanner. Detects lookalike domains, integrates with URLScan, Doppler, & AWS Secrets Manager. #dns #tools #phishing #typosquatting [ https://github.com/ChiefGyk3D/typo-sniper ] #informatique
@nixCraft ...espechally since the #TrademarkClearinghouse isn't responsible for #Typosquatting - #domains…
Are you staying ahead of domain threats? 👀
With typosquatting and lookalike domains on the rise, AJ Nash walks through how to detect and monitor suspicious activity using Silo.
Learn how to maintain vigilance and keep your brand safe in our latest Intel Drop:
https://bit.ly/4kGS8jq
We've seen it before, but it bears highlighting again: current affairs always lead to a domain gold rush! The newly announced "America Party" has already triggered a wave of sketchy-looking domain registrations, many using the .party TLD. Several redirect to rawdiary[.]com, a five-month-old site hosting third-party articles from sources like OANN, Newsmax and Breitbart, as well as more moderate sources like the FT and the BBC. Others are parked. These domains aren’t inherently malicious, but they're certainly opportunistic and built to look like news. Web content flips fast, so here’s a snapshot of domains unlikely to have been registered for anything in good-faith:
ameirca[.]party
amerca[.]party
amercia[.]party
americs[.]party
amerika[.]party
ameroca[.]party
ameruca[.]party
hyperamerica[.]party
theunitedstates[.]party
americanparty[.]pics
americanparty[.]vip
americaparty[.]ink
americaparty[.]town
theamericanparty[.]vip
americanparty[.]pro
#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #americaparty #osint #typosquatting
💼 Recruitment-Themed #Phishing Campaigns Target Facebook Users.
🚨 A new wave of phishing attacks is targeting job seekers with fake job offers impersonating brands like Red Bull, Tesla, Meta AI, and others. Attackers use #spearphishing emails to lure victims into applying for fictional positions by logging in via Facebook. These campaigns often spoof legitimate recruitment platforms like indeed[.]com using #typosquatted domains.
👨💻 See analysis sessions:
Porsche: https://app.any.run/tasks/cce7aac5-0cea-400b-aec6-1f436e74dd25/?utm_source=mastodon&utm_medium=post&utm_campaign=phishing_facebook&utm_term=250625&utm_content=linktoservice
Tesla: https://app.any.run/tasks/1ec08aeb-9089-45e4-b649-3acaa2923b77/?utm_source=mastodon&utm_medium=post&utm_campaign=phishing_facebook&utm_term=250625&utm_content=linktoservice
Red Bull: https://app.any.run/tasks/7360ea7f-0496-465a-b9ac-6749aa162d64/?utm_source=mastodon&utm_medium=post&utm_campaign=phishing_facebook&utm_term=250625&utm_content=linktoservice
⚠️ Even though the pages mimic legitimate job platforms, several red flags expose #malicious behavior:
🔹 No redirection to Facebook’s official SSO
🔹 IP fingerprinting via services like ipapi and ipify
🔹 In some cases, exfiltration of credentials using socket[.]io and attacker-controlled Telegram bots
🔍 Search for Red Bull-themed recruitment phishing using TI Lookup:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=phishing_facebook&utm_content=linktoti&utm_term=250625#%7B%2522query%2522:%2522domainName:%255C%2522redbull%255C%2522%2520AND%2520(domainName:%255C%2522ipapi%255C%2522%2520OR%2520domainName:%255C%2522ipify%255C%2522)%2520AND%2520domainName:%255C%2522.onrender.com%255C%2522%2522,%2522dateRange%2522:180%7D%20
Another observed trend includes the abuse of indeed[.]com through #typosquatting: lndeed[.]com. See example: https://app.any.run/tasks/fce3c537-de65-4138-bd1f-2dccc16c32c2/?utm_source=mastodon&utm_medium=post&utm_campaign=phishing_facebook&utm_term=250625&utm_content=linktoservice
🔍 Find more typosquatted domains using this TI Lookup request:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=phishing_facebook&utm_content=linktoti&utm_term=250625#%7B%2522query%2522:%2522domainName:%255C%2522lndeed%255C%2522%2522,%2522dateRange%2522:180%7D%20
🔗 Execution chain:
Phishing email or link ➡️ Fake job offer ➡️ Fake Facebook login form ➡️ Credentials & IP exfiltration via WebSocket or Telegram bot
🛡️ Recommendation for users and organizations:
🔹 Always enable 2FA
🔹 Cross-check job offers on official company websites
🔹 Avoid disclosing PII unless interacting via verified recruiting platforms like LinkedIn or Indeed
#IOCs:
aimetahire [.] com
aimetajobs [.] com
aimetatalents [.] com
applyjobfast [.] com
jobapplycareer [.] com
redbullrecruit [.] com
redbullrecruitee [.] com
redbulltalents [.] com
tesla-recruit [.] com
lndeed [.] help
applyopenjobsonlndeed [.] space
lndeedresume [.] com
🚀 Use #ANYRUN Interactive Sandbox to analyze suspicious emails and URLs, extract #IOCs, and uncover hidden network activity, such as external IP gathering.
TIL Slopsquatting 🤖📦
Article très intéressant sur cette nouvelle technique de #typosquatting qui exploite les hallucinations récursives des LLM utilisés en programmation
Les LLM hallucinent des librairies/paquets imaginaires ➡️ des acteurs malveillants les enregistrent et les arment 🧨
Le tout sur fond de hype autour du "vibe coding"
⬇️
"The Rise of Slopsquatting: How AI Hallucinations Are Fueling a New Class of Supply Chain Attacks"
👇
https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks
Via la toujours excellente Risky Bulletin Newsletter du jour
👇
https://risky.biz/risky-bulletin-ai-slopsquatting-its-coming/
A wild ZWSP appears!
In case you’re not fluent in Unicode and percent-encoding: %E2%80%8B is a zero-width-space, an invisible character which helps set line-breaks correctly.
It seems that broken links with ZWSPs or unicode control characters like the left-to-right mark are a widespread problem, opening a door to cybersquatting.
Or may I suggest the name ‘typography squatting’?
#Signal #SignalApp #Android #Google #PlayStore #GrapheneOS #GitHub #TypoSquatting #CyberSquatting #TypographySquatting #InfoSec #Security #CyberSecurity
@aral @EUCommission @nlnet @letsencrypt @cacert not only that, I think we need self-governing namespaces similar to @torproject #OnionServices (even tho they are prone to #typosquatting-esque #sibil/#EvilTwin-style #phishing attacks!)...
🚨 Mac & Linux Users/Developers Beware! Hackers are sneaking malware onto devices by disguising it as trusted software downloads.
Read: https://hackread.com/malware-infects-linux-macos-typosquatted-go-packages/
#CyberSecurity #CyberAttack #Typosquatting #Malware #macOS #Linux
Alright, Go developers, listen up! 🚨 Seriously crazy stuff is happening in the Go world right now. We're talking major typosquatting issues. Attackers are slithering in and spreading malware via fake packages, can you believe it?
So, for goodness sake, pay super close attention to the names of your modules! One little typo and bam! You've got yourself a nasty infection. As a pentester, I see this kind of thing all the time, sadly. Tiny mistakes, HUGE consequences. This malware then installs a backdoor. Totally not cool, right?
Therefore, check your imports, folks! And make sure you're getting your devs trained up on security. Automated scans? Nice to have, sure, but they're absolutely no substitute for a manual pentest! What are your go-to tools for fighting this kind of attack? Oh, and yeah, IT security *has* to be in the budget, that's just the way it is.
Jetzt trifft es auch #Go: Bösartiges #Typosquatting im Ökosystem entdeckt | Developer https://www.heise.de/news/Typosquatting-im-Go-Oekosystem-Gefaelschtes-BoltDB-Paket-entdeckt-10270016.html #Malware
Jetzt trifft es auch Go: Bösartiges Typosquatting im Ökosystem entdeckt | heise online
heise.de/-10270016 #Programmiersprache #Golang #Typosquatting #TyposquattingPaket #Malware
Jetzt trifft es auch Go: Bösar...
Jetzt trifft es auch Go: Bösartiges Typosquatting im Ökosystem entdeckt | heise online
https://heise.de/-10270016 #Programmiersprache #Golang #Typosquatting #TyposquattingPaket #Malware
Beveiligingslek in go module mirror: drie jaar lang backdoor verspreid https://www.trendingtech.news/trending-news/2025/02/53082/beveiligingslek-in-go-module-mirror-drie-jaar-lang-backdoor-verspreid #Go Module Mirror #typosquatting #backdoor #softwarebeveiliging #cache #Trending #News #Nieuws
Malafide deepseek pakketten ontdekt in pypi: een nieuwe cyberdreiging https://www.trendingtech.news/trending-news/2025/02/52708/malafide-deepseek-pakketten-ontdekt-in-pypi-een-nieuwe-cyberdreiging #DeepSeek #PyPi #cyberveiligheid #typosquatting #infostealers #Trending #News #Nieuws
akam.ne: A particularly valuable typosquatting domain was available, Mastercard and others were vulnerable
https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years/
#via:hackernews #typosquatting #mastercard #security #badtech #akamai #dns #-
Nueva entrada en #elProxy!
«Typosquatting: webs maliciosas cuyos nombres se parecen demasiado a las auténticas»
https://proxy.jesusysustics.com/2024/12/10470/
#consejo #direcciónweb #Internet #malicioso #navegadorweb #seguridad #typosquatting #url
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst