Usage of Homoglyphs
Homoglyphs are different characters whose shapes appear identical or very similar. An example is the letter O and the number zero (0). A common approach is to swap the upper-case I (as in "i") and the lower-case l (as in "L"), which look alike in the Calibri font.
Hyphenation
An example of this technique is the popular Python package NumPy, which can be transformed into Num-Py.
Version Number Change
It is common for a package to have a version number in its name. A package such as bs4, used for web scraping, can be imitated as bs5, giving the illusion of a newer version of the package.
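As an added example (not code from the original article), the following Python check undoes the three name tricks described above, homoglyphs, hyphenation and version-number change, and flags requirement lines whose normalised name collides with a known package. The homoglyph table, the known-package list and the sample requirements file are constructed for this example.

```python
import re
from typing import List, Optional, Tuple

# Characters easily confused with a letter in common fonts; constructed, not exhaustive.
HOMOGLYPHS = str.maketrans({
    "0": "o",  # digit zero vs. letter O
    "1": "l",  # digit one vs. lower-case L
    "I": "l",  # upper-case I vs. lower-case L
    "|": "l",  # vertical bar vs. lower-case L
})

def normalise(name: str) -> str:
    """Undo the three name tricks so lookalikes collapse to one form."""
    n = name.strip().translate(HOMOGLYPHS).lower()  # homoglyphs
    n = re.sub(r"[-_.]", "", n)                     # NumPy vs. Num-Py
    n = re.sub(r"\d+$", "", n)                      # bs4 vs. bs5
    return n

def lookalike_of(candidate: str, known: List[str]) -> Optional[str]:
    """Return the known package `candidate` imitates, or None if it is
    exactly one of the known names or resembles none of them."""
    if any(candidate.lower() == k.lower() for k in known):
        return None                                  # the real package
    target = normalise(candidate)
    for legit in known:
        if normalise(legit) == target:
            return legit
    return None

def scan_requirements(text: str, known: List[str]) -> List[Tuple[str, str]]:
    """Return (requested_name, imitated_package) for suspicious lines."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()         # drop comments
        if not line:
            continue
        name = re.split(r"[<>=!~\[; ]", line, 1)[0]  # name before specifier
        legit = lookalike_of(name, known)
        if legit:
            hits.append((name, legit))
    return hits

# Constructed sample input: a requirements file with three lookalikes.
REQUIREMENTS = """numpy==1.26.0
Num-Py==1.26.1   # hyphenation
bs5>=0.0.1       # version-number change
requests
co1orama         # homoglyph: digit one for lower-case L
"""
KNOWN = ["numpy", "bs4", "requests", "colorama"]
```

Running scan_requirements(REQUIREMENTS, KNOWN) reports Num-Py, bs5 and co1orama as lookalikes of numpy, bs4 and colorama, while the exact names pass.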
Malicious Dependencies in Not-So-Malicious Packages
Most projects are built on top of existing code, libraries, and packages. This commonly accepted practice among software developers can be abused by bad actors. Suppose a typo-squatted package A is advertised as doing the same job as the original. The actual malicious functionality, however, lives in dependency B, which package A relies upon. The package manager will, in turn, take down the dependency instead of the typo-squatted package itself, and the bad actor can keep replacing the dependency with a new version. A typo-squatted package can stay up for a long time with this method.
This malicious practice was seen in the wild very recently from the malware group Lofy Gang, who focused on credential stealing using malicious Discord bot packages published via npm.
The idea of malicious dependencies is what makes typosquatting especially troubling: a typo-squatted package pulled in as a dependency of a major project can exist for years and be deemed trustworthy. Additionally, removing such a package from a large project can break it, putting time pressure on the project's completion.