
Typosquatting in Python: One Typo, Total Compromise

The "Fat Finger" Vulnerability

You are setting up a new environment. You type pip install tourch instead of torch. The terminal shows a progress bar, dependencies install, and everything looks normal.

But in the background, you just granted an attacker Remote Code Execution (RCE) on your machine.

Typosquatting is a supply chain attack where malicious actors register packages with names strikingly similar to popular libraries. They rely on developer exhaustion, typos, or visual similarity to trick users into installing them.

Why It Works in Python

Python's package manager, pip, is incredibly efficient. It doesn't ask "Did you mean...?"—it just installs what you tell it to.

Furthermore, Python packages can execute code during installation. When a package is installed from a source distribution, its setup.py is executed, and it can run arbitrary shell commands (for example through a custom install hook). You don't even need to import the library; simply running pip install is enough to get hacked.

Common Targets in AI/ML

Attackers target the most downloaded packages because they offer the widest surface area.

  • Target: pytorch / torch
    • Fakes: tourch, pytorch-cpu, py-torch
  • Target: requests
    • Fakes: reqests, requesst, rquests
  • Target: pandas
    • Fakes: pundas, pandass

The "Starjacking" Technique

Sophisticated typosquatters often copy the metadata (description, author name, license) of the real package. If you look at the PyPI page for the fake package, it might look identical to the real one, except for the download count.

Detecting Typosquatting

Visual inspection of requirements.txt is prone to error. The human brain uses "autocorrect" when reading; we see what we expect to see.

Automated scanning is required. Veritensor includes a dependency scanning engine that:

  1. Parses your requirements.txt and pyproject.toml.
  2. Calculates the Levenshtein distance between your dependencies and a list of top 5000 popular PyPI packages.
  3. Checks against a database of known malicious package names.

veritensor scan requirements.txt
# Output: HIGH: Potential Typosquatting: 'tourch' looks like 'torch'
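The same three steps as a small worked example, added here and not Veritensor's own code: it parses requirements.txt lines, normalizes names the way PyPI does, and flags any name within a small Levenshtein distance of a popular package or on a known-bad list. The POPULAR and KNOWN_MALICIOUS sets and the SAMPLE file are constructed for illustration.

```python
import re

# Constructed sample data (not Veritensor's lists): popular names and known-bad names.
POPULAR = {"torch", "requests", "pandas", "numpy", "scikit-learn"}
KNOWN_MALICIOUS = {"pundas"}

def normalize(name: str) -> str:
    """Canonical PyPI name (PEP 503): lowercase, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def levenshtein(a: str, b: str) -> int:
    """Edit distance: insertions, deletions and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_requirements(text: str) -> list[str]:
    """Extract normalized project names from requirements.txt content."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-"):          # skip blanks and pip options
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)  # name before specifier
        if m:
            names.append(normalize(m.group(0)))
    return names

def scan(text: str, max_distance: int = 2) -> list[tuple[str, str, str]]:
    """Return (severity, requirement, reason) findings, in file order."""
    findings = []
    for name in parse_requirements(text):
        if name in KNOWN_MALICIOUS:
            findings.append(("CRITICAL", name, "known malicious package name"))
            continue
        if name in POPULAR:                           # exact match is fine
            continue
        best = min(POPULAR, key=lambda p: levenshtein(name, p))
        if levenshtein(name, best) <= max_distance:
            findings.append(("HIGH", name, f"looks like '{best}'"))
    return findings

SAMPLE = "tourch==2.1.0\nrequests>=2.31\npundas\nnumpy  # fine\n-r other.txt\n"
if __name__ == "__main__":
    for sev, name, why in scan(SAMPLE):
        print(f"{sev}: {name}: {why}")
```

With a real list of thousands of popular names, very short names produce false positives at distance 2, so a production scanner scales the threshold with name length.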

Catching a typo before pip install runs can save your entire infrastructure.