TH17110
Detected presence of files containing URLs that use homoglyph spoofed variations of trusted domains.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | pass | medium | high | None | None |
About the issueโ
Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. In typography, a homoglyph is one of two or more characters (or glyphs) with shapes that appear identical or very similar, but may have completely differing meanings. Attackers often register spoofed variations of known and trusted domains. By abusing homoglyphs, attackers can create malicious domains that appear visually identical to trusted ones. While presence of homoglyphs in network references does not imply malicious intent, all instances of this issue should be reviewed for spelling mistakes and typos. An attacker could be controlling the domains the application intends to connect to.
How to resolve the issueโ
- Investigate reported detections.
- If the software should not include these network references, investigate your build and release environment for software supply chain compromise.
- You should delay the software release until the investigation is completed, or until the issue is risk accepted.
- Remove all references to flagged network locations.
Recommended readingโ
- Catching deceptive links before the click (ReversingLabs blog)
- Homoglyph (External resource - Wikipedia)