What is Slopsquatting and How to Avoid It


If you’ve seen this unpleasant-sounding term floating around, you’re probably wondering what slopsquatting is and how exactly it might affect you. This nasty attack isn’t the easiest to spot, but there are ways to avoid it and keep yourself safer.

What is Slopsquatting

It all starts with AI hallucinations, which are things AI makes up. For the purposes of slopsquatting, AI tools suggest open source packages that don’t actually exist for developers to use in their code.

Cybercriminals have discovered that AI hallucinations often repeat. They take advantage of this flaw by creating malicious packages using these hallucinated names and uploading them to trusted code repository hosts such as GitHub. When developers ask their favorite AI platform to suggest an open source package, the chatbot suggests one of the hallucinated names that cybercriminals are using.

ChatGPT suggesting packages. No malicious suggestions in this list.

The result is that developers insert these malicious packages into their software. Once the code runs, the damage is done and the attackers gain access to any devices it is executed on.

While this might not sound like a major issue, one study found that out of 16 major code generation AI models, almost 20 percent of recommended packages didn’t exist. Even worse, 43 percent of hallucinated package names repeated every time out of 10 runs with the same prompt. This makes it much easier for cybercriminals to choose names and get their malicious packages suggested and used repeatedly.

In the study, CodeLlama was the worst offender. On the other hand, GPT-4 Turbo had the fewest hallucinations. Just because the risk is lower doesn’t mean you’re completely safe, though.

Things You Need to Watch Out For

Whether you’re a professional, a casual developer, or a complete beginner, you’re at risk of slopsquatting. It’s actually a form of typosquatting, where a single letter is the only difference between a legitimate safe domain and a malicious one. But, just like typosquatting, slopsquatting is avoidable if you watch for these five things:

  1. Slightly misspelled package names – This red flag isn’t a guarantee, especially as the majority of hallucinated package names don’t have any typos. Still, if you notice something misspelled, think twice before using it.
  2. Lack of any discussions or feedback – Packages with little to no discussions may not be the safest to use. It could just mean they’re brand spanking new. Or, it could signal it’s a fake package that’s relying on AI suggestions for developers to find and innocently use.
  3. Warnings from other developers – I know it’s easy to just rely upon AI’s suggestions, but take a moment to do some extra research. Use your favorite search engine and see what others are saying about any package suggestions before using them yourself.
  4. Not recommended by other platforms – If possible, try the same or similar prompts on multiple AI coding platforms. If a package is rarely or never recommended, it could be a major sign of slopsquatting.
  5. Confusing descriptions – It’s becoming more common for developers to rely on “vibe coding,” which means they just accept suggestions without any verification. Yet, malicious packages often have confusing descriptions on the sites they’re hosted on.

You can also avoid common slopsquatting packages already identified in the wild just by asking your favorite AI platform for a list.

List of slopsquatting packages found in the wild courtesy of ChatGPT.

The Most Important Precautions

Even when you know what to look for, slopsquatting is still difficult to spot in many cases. Since it’s so new, it’ll take time for security experts to develop a reliable process to identify and eliminate malicious packages. Many AI platforms are also attempting to train their models to recognize hallucinated names/packages and warn developers before they use them.

Until those things happen, you do have three ways to prevent a malicious package from ruining your software and any devices it may be installed on.

The most important is to always run your code in a secure sandbox environment. VirtualBox and VMware are two of the most popular virtual machines and they’re free to use. There are also cloud-based sandbox environments, though most only support a few languages. Replit is a favorite as it supports over 50 languages.

The second is to use a scanning tool to verify whether a package is safe. I’ve found the Socket Web Extension to be one of the easiest options to use. It’s free to use and works on numerous sites to scan before you download anything. Currently, it’s available for Chrome-based browsers and Firefox.


Finally, always verify anything AI suggests. The more reliant you are on AI, the easier it is for cybercriminals to take advantage. Use AI to assist with coding, but verify any and all suggestions before using them.
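One way to turn that verification step into a repeatable check is the added example below, which is not part of the original article. It triages an AI-suggested name against a list of already-vetted packages and a registry record shaped like PyPI's JSON metadata; the `VETTED` list, the age and release thresholds, and the sample package name are assumptions made for illustration.

```python
import difflib
from datetime import datetime, timezone

# Assumption: names your team has already reviewed, e.g. taken from a lockfile.
VETTED = sorted({"requests", "numpy", "pandas", "flask", "cryptography"})

def first_upload(meta):
    """Earliest upload time across all releases in the registry record."""
    stamps = [f["upload_time_iso_8601"]
              for files in meta.get("releases", {}).values() for f in files]
    if not stamps:
        return None
    return min(datetime.fromisoformat(s.replace("Z", "+00:00")) for s in stamps)

def red_flags(name, meta, now, min_age_days=90, min_releases=3):
    """Return reasons to review `name` by hand before installing it.

    `meta` is the parsed registry record, or None when the registry has no
    such package (the hallucinated-name case). Thresholds are assumptions.
    """
    name = name.lower()
    if name in VETTED:
        return []
    flags = []
    near = difflib.get_close_matches(name, VETTED, n=1, cutoff=0.8)
    if near:
        flags.append(f"name closely resembles vetted package '{near[0]}'")
    if meta is None:
        flags.append("not in registry (likely a hallucinated name)")
        return flags
    born = first_upload(meta)
    if born is None or (now - born).days < min_age_days:
        flags.append(f"first upload is under {min_age_days} days old or missing")
    if len(meta.get("releases", {})) < min_releases:
        flags.append(f"fewer than {min_releases} releases")
    info = meta.get("info", {})
    if not (info.get("summary") or "").strip():
        flags.append("empty description")
    if not info.get("project_urls"):
        flags.append("no source or homepage link")
    return flags

# Constructed sample record and package name, not real registry data.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
FAKE = {"info": {"summary": "", "project_urls": None},
        "releases": {"0.0.1": [{"upload_time_iso_8601": "2025-05-20T10:00:00.000000Z"}]}}

if __name__ == "__main__":
    for pkg, record in [("reqeusts", None), ("fastjsonx-utils", FAKE)]:
        print(pkg, "->", red_flags(pkg, record, NOW))
```

An empty result only means none of these heuristics fired; the package still needs the sandbox and scanner steps described above.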

If you do become a victim of slopsquatting, let other developers know. Post warnings on social media, Reddit, and repository hosts. Contact support for the AI platform you’re using to report the malicious package name to help better train AI models. Getting the information out helps others protect themselves.

Crystal Crowder
