The article discusses a shift in attacker tactics: instead of traditional typosquatting, attackers now rely on realistic package impersonation to infiltrate software ecosystems. According to a Sonatype report, 91% of the malicious packages analyzed used naming-variant tactics that make them look like legitimate plugins or configuration packages, exposing anyone who installs them to serious risks, including credential theft.
The report highlights recurring naming patterns, such as appending plausible suffixes and mimicking the vocabulary of real code, which conventional typo-oriented detection fails to catch. The most impersonated targets include React and various plugin packages, and the report urges developers to apply stricter scrutiny to every new dependency.
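One practical form that stricter scrutiny can take is a pre-merge check over newly added dependency names. The script below is an added example written for this page; it is not Sonatype's tooling and does not reproduce the report's method. It flags three patterns the report describes: a well-known name wrapped in a plausible affix ("react-plugin-config"), a well-known name under an unrecognised scope ("@evil/react"), and a one-character near miss ("expres"). The popular-package allowlist, the trusted-scope list, the affix list and the sample dependency names are all constructed for the demo; in practice the allowlist would come from download statistics or an internal approved-package inventory.

```python
"""Screen newly added dependency names for impersonation of popular packages.

Added example for this page, not Sonatype's tooling. The allowlist, affix
list, trusted scopes and sample names below are constructed assumptions.
"""
from __future__ import annotations

import re

# Assumption: a small allowlist of well-known packages standing in for a
# real download-statistics or approved-package feed.
POPULAR = {"react", "react-dom", "lodash", "express", "axios", "webpack"}

# Assumption: scopes whose packages we accept as genuinely related.
TRUSTED_SCOPES = {"@types"}

# Affixes that make an impostor read like an official plugin/config/helper.
AFFIXES = {"plugin", "plugins", "config", "configs", "utils", "helper",
           "helpers", "core", "loader", "compat", "polyfill", "types", "js"}


def split_scope(name: str) -> tuple[str | None, str]:
    """'@scope/pkg' -> ('@scope', 'pkg'); unscoped names -> (None, name)."""
    if name.startswith("@") and "/" in name:
        scope, base = name.split("/", 1)
        return scope, base
    return None, name


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name: str, popular: set[str] = POPULAR,
             trusted_scopes: set[str] = TRUSTED_SCOPES,
             max_distance: int = 1) -> str | None:
    """Return a reason string if `name` looks like an impersonation, else None."""
    scope, base = split_scope(name.lower())

    # Rule 0: a famous unscoped name republished under an unknown scope.
    if scope and scope not in trusted_scopes and base in popular:
        return f"unknown scope '{scope}' around well-known name '{base}'"
    if base in popular:
        return None  # exact known package (or trusted scope): nothing to flag

    # Rule 1: well-known name plus plausible affixes, e.g. react-plugin-config.
    tokens = re.split(r"[-_.]", base)
    core = [t for t in tokens if t not in AFFIXES]
    stem = "-".join(core) or base
    if len(core) < len(tokens) and stem in popular:
        return f"affix variant of '{stem}'"

    # Rule 2: near-miss spelling of a known name, checked on the affix-stripped
    # stem so that 'reactt-plugin' is caught as well as 'reactt'.
    for p in sorted(popular):
        if levenshtein(stem, p) <= max_distance:
            return f"edit-distance-{max_distance} variant of '{p}'"
    return None


def screen(deps: list[str]) -> dict[str, str]:
    """Map each suspicious dependency name to the reason it was flagged."""
    return {d: r for d in deps if (r := classify(d))}


# Constructed sample: names as they might appear in a lockfile diff.
SAMPLE_DEPS = ["react", "react-plugin-config", "@types/lodash", "lodash-utils",
               "expres", "express-rate-limit", "@evil/react", "axios"]

if __name__ == "__main__":
    for dep, why in screen(SAMPLE_DEPS).items():
        print(f"REVIEW  {dep:22s} {why}")
```

Run it in CI against the names added by a pull request's lockfile change and fail the build (or require a manual review label) on any hit. The check is intentionally conservative: `express-rate-limit` passes because no affix token is stripped and its stem is far from any allowlisted name, while `@types/lodash` passes only because `@types` is on the trusted-scope list, so that list deserves the same review discipline as the allowlist itself.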