AI-generated lookalike domains are now embedded within third-party scripts that run on your web properties. Here’s why the current stack can’t recognize them, and what detection actually requires:
Download the CISO expert guide to typosquatting in the age of AI →
TL;DR
Typosquatting is no longer a user problem. Attackers are currently embedding lookalike domains within legitimate third-party scripts. No mistyped URLs or server compromises required. AI has disrupted the economics of defense. LLM generates convincing domain variants in minutes. A complete campaign deployment takes less than 10 hours. Malicious package uploads increased by 156% last year. Manual review is over. The security stack doesn’t know about this. Firewalls, WAFs, EDRs, and CSPs have no way of knowing what an authorized script will do after it runs in the browser. The Trust Wallet attack proved that. $8.5 million was stolen in 48 hours through a Trojanized Chrome extension. The alert wasn’t triggered, not because something failed, but because I wasn’t monitoring anything.
This is not about cryptocurrency
On December 24, 2025, Trust Wallet users started losing money. It’s not because you clicked on a phishing link. It’s not because you reused a weak password. It’s not because they did anything wrong.
A self-replicating npm worm called Shai-Hulud spent months harvesting developer credentials: GitHub tokens, npm public keys, and Chrome Web Store API credentials. These keys allowed the attacker to push a trojanized version of the Trust Wallet Chrome extension through official channels. Chrome validation passed.
This malicious extension runs entirely within the user’s browser and silently captures a seed phrase and sends it to the attacker’s infrastructure at the domain masquerading as Trust Wallet’s own analytics endpoint. 2,500 wallets were emptied within 48 hours. Total loss: $8.5 million. No servers were compromised. An alert was never issued.
Once you remove the seed phrase, what’s left is: Trusted browser delivery assets have been silently modified to be invisible to server logs, firewalls, WAFs, and EDRs to intercept sensitive user data before legitimate applications can process it. Not because these controls were configured incorrectly, but because they weren’t designed to monitor what was happening within a browser session.
Exchange seed phrases for payment card data. Swap your Chrome extension for a marketing pixel, support widget, or A/B testing framework. The attacks are exactly the same. A typical e-commerce checkout page runs between 40 and 60 third-party scripts. Each is a trusted connection. The same thing might happen there.
How typosquatting got here: 3 stages
What makes Phase 3 a true evolution is not just its sophistication, but its economy. LLM can generate compelling domain variations in minutes. Isomorphic attacks combine Latin, Cyrillic, and Greek letters to generate domains that appear visually identical in a browser’s address bar while evading string distance detection. It takes less than 10 minutes to register a domain, issue an SSL, and deploy a complete campaign. According to data from Sonatype, malicious package uploads to open source repositories have increased by 156% year over year, and the volume alone makes manual inspection structurally impossible.
Three attacks that demonstrate a pattern
Typosquatting targets the domain layer, package compromise targets the supply chain, and browser runtime exploitation targets the post-execution behavior of trusted code.
1. Trust Wallet Chrome Extension (December 2025)
Shai-Hulud collected developer credentials for several months before pushing the Trojanized extension through the official Chrome Web Store channel. The malicious extension captured the seed phrase and sent it to a similar analysis domain. 2,500 wallets have been emptied. Loss of $8.5 million. Detection time: zero. There is no server-side visibility into the browser runtime execution.
2. Choke/Debug npm attacks (September 2025)
A phishing email targeting a single package administrator gave the attacker access to 18 trusted JavaScript libraries, including choke and debugging, with a combined weekly download count of over 2 billion. Within 16 minutes, they were all injected with malicious code that hooked browser APIs and silently intercepted network traffic and wallet interactions. Rapid containment limited direct losses to approximately $500. The exposure window was not an issue. The number of downloads was 2 billion.
3. Solana Web3.js library attack (December 2024)
Through a phishing campaign, the attacker compromised the @solana/web3.js npm library public access account, intercepted the private key during transactions, and published a malicious version containing a hidden function that leaked the private key to an attacker-controlled domain that was registered several days before the attack. Applications that automatically updated within five hours distributed backdoors directly to users. Nearly $200,000 was lost before it was discovered.
How compromise happens: Trust replaces deception
Classic social engineering required human involvement. I needed someone to type the URL incorrectly, click the link, accept the prompt, and trust the sender. The attacker’s job was to create instant trust.
Current generation attacks skip that step entirely. Trust is no longer something that is created, but something that is passed down. The build pipeline already trusts npm. Vendors already trust CDNs. Your browser already trusts the vendor. The attacker does not need to deceive anyone. Simply insert yourself anywhere on the chain of trust that has already been granted.
This is called supply chain disruption. This deception is not targeted at individuals. It targets dependency graphs.
Blind spots in the security stack
A marketing vendor integrated into a web property points to a JavaScript CDN that was registered 6 weeks ago. Valid SSL. recognizable domain. The script will then be updated silently.
On the payment page, the browser silently loads the modified script. An invisible overlay intercepts keystrokes before they reach your application. The server logs record normal sessions. There is no alarm firing.
CSP is the control most often cited as a defense. However, CSP is a guest list, not a behavior monitor. Whitelisted scripts that read payment form fields and leak data are still fully allowed because the sender is trusted. CSP handles the connection. Unable to process execution.
Malicious behavior in 2026 is deferred until runtime by design. Shai-Hulud’s packages remained dormant during automatic scans and were only activated under certain runtime conditions. Static analysis cannot capture payloads that are dynamically loaded after execution begins.
What you actually need for detection
IBM’s 2025 Cost of Data Breach Report found that it takes an average of 241 days to identify a breach. Supply chain attacks, where the malicious behavior is executed silently in the browser’s memory, can take significantly longer unless the runtime is monitored.
Detection requires observing what the script actually does after execution: which domains it communicates with, which page elements it accesses, and how the script’s behavior deviates from established baselines. This is runtime behavior monitoring, the one layer that is currently missing from most enterprise security stacks.
Characteristics to monitor:
Unexpected data leakage: A script reads a form field and sends a value to a domain outside of the approved list Dynamic domain resolution: A script that calls a recently registered domain or resolves differently than the baseline Behavioral drift: A script that worked fine last week accesses a different page element this week.
Detecting suspicious domains in the dependency tree is necessary, but not sufficient. A more difficult problem is understanding what scripts loaded from that domain actually do. AI-generated obfuscation is specifically designed to defeat static analysis. The code goes through linting, mimics the canonical minification library, and does not produce signature matches.
To close this gap, you need to deobfuscate the behavior at runtime, run the script in an instrumented environment, and trace the actual behavior instead of trying to read the source. This means revealing what the script actually accesses (form fields, cookies, network endpoints), no matter how obfuscated the source is. This is the approach Reflectiz has built its AI deobfuscation tool on, and is explained in detail in the guide below.
your action plan
If you don’t know where to start, prioritize based on exposure. Put the payment page first, the authentication page second, and everything else after that. The actual sequence is:
this week:
Audit third-party scripts for recently registered CDN domains in the dependency chain Check CSP reports to see what approved origins are actually doing, not just violations Identify which pages handle sensitive data (payments, logins, PII forms) and prioritize monitoring there first
this month:
Deploy runtime behavior monitoring for payment and authentication pages Establish a behavioral baseline for all approved third-party scripts Implement subresource integrity (SRI) checks when scripts are self-hosted or cacheable
Requires proactive domain registration, strict CSP, and mandatory DMARC. This includes domain registration, script distribution, and email spoofing. None of them address what happens after an approved vendor script is silently modified. It’s a gap that most teams don’t realize until it’s too late.
The controls above tell you what to do. Mapping these to your actual environment, vendor inventory, and compliance obligations will hold up execution. Reflectiz has published a CISO expert guide that includes a complete framework, including domain governance, basic controls, runtime behavior monitoring, and a step-by-step implementation roadmap built around the gaps.
Download the guide here →
Source link
