AI typosquatting embeds fake domains in third-party scripts

On Dec. 24, 2025, a self-replicating npm worm known as Shai-Hulud used harvested developer credentials to publish a trojanized version of the Trust Wallet Chrome extension. The malicious extension captured wallet seed phrases in users’ browsers and transmitted them to an analytics domain that mimicked Trust Wallet. About 2,500 wallets were drained, totaling roughly $8.5 million, according to incident summaries. Chrome’s verification processes did not block the extension and no server-side breach has been reported; the activity ran inside users’ browsers.

Security teams report attackers are embedding AI-generated lookalike domains inside trusted third-party scripts and browser extensions. Those scripts execute in page contexts and can read form fields, intercept input, and send data to external domains. Because the malicious activity happens in the browser at runtime, traditional perimeter controls such as firewalls, web application firewalls, endpoint detection tools and content security policies often do not log or block it.

Researchers and vendors say the tactic uses automated tooling and large language models to scale domain generation and campaign deployment. AI models can produce thousands of convincing domain variants quickly. Attackers also use homograph techniques that mix Latin, Cyrillic and Greek characters to create domains that appear visually similar to legitimate addresses while evading simple string-matching defenses. Domain registration, certificate issuance and campaign rollout can be completed in minutes. Data from repository monitors indicate a rise in malicious package uploads year over year.

Two additional incidents illustrate the pattern. In September 2025, attackers phished a package maintainer and injected malicious code into 18 widely used JavaScript libraries, including widely downloaded packages. The injected code hooked browser APIs to intercept network traffic and wallet interactions; rapid containment limited direct monetary losses to around $500. In December 2024, attackers gained publish access to the @solana/web3.js library and released compromised versions that intercepted private keys during transactions and exfiltrated them to a newly registered attacker-controlled domain. Applications that auto-updated within a five-hour window delivered the backdoor to users and nearly $200,000 was drained before discovery.

Observers say detection requires runtime behavioral monitoring rather than only static analysis or origin allowlists. Effective monitoring tracks which domains a script contacts, which page elements it accesses, and whether its actions differ from an established baseline. Attackers often ship heavily obfuscated or dormant payloads that activate only under specific runtime conditions, which can evade linting and signature-based tools.

Practitioners recommend prioritizing monitoring of pages that handle sensitive data, such as payment and authentication pages, auditing third-party scripts for recently registered CDN domains, applying subresource integrity where feasible, and enforcing domain and email governance measures such as stricter content security policies and DMARC. The IBM 2025 Cost of a Data Breach Report found the average breach takes 241 days to identify; incidents that run silently in browser memory can remain undetected longer without runtime observation.

The reported incidents involved attackers inserting malicious code into existing trust relationships across build pipelines, package registries, CDNs and browser extensions rather than relying on users to click a phishing link.