Name/typo squatting is deceptive and malicious. The telemetry helps the attacker detect when a valuable target begins using the software, enabling a targeted supply-chain attack.