Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
AI-generated typosquatting domains are now used in supply-chain attacks, as demonstrated by the Trust Wallet Chrome extension compromise that drained $8.5M.
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires.
On December 24, 2025, Trust Wallet users started losing money. Not because they clicked a phishing link. Not because they reused a weak password. Not because they did anything wrong at all. A self-replicating npm worm called Shai-Hulud had spent months harvesting developer credentials: GitHub tokens, npm publishing keys, and Chrome Web Store API credentials. Those keys allowed attackers to push a trojanized version of the Trust Wallet Chrome extension through official channels. Chrome's verification passed it.
The malicious extension executed entirely inside users' browsers, silently capturing seed phrases and transmitting them to the attacker's infrastructure at a domain disguised as Trust Wallet's own analytics endpoint. Within 48 hours, 2,500 wallets had been drained. Total loss: $8.5 million. No server was breached. No alert ever fired.
Strip away the seed phrases and what remains is this: a trusted browser-delivered asset was silently modified to intercept sensitive user data before the legitimate application could process it, invisible to server logs, firewalls, WAFs, and EDR. Not because those controls were misconfigured, but because they were never designed to observe what happens inside a browser session, even a poisoned one. Swap seed phrases for payment card data. Swap the Chrome extension for a marketing pixel, a support widget, or an A/B testing framework. The attack is identical. A typical e-commerce checkout page runs 40-60 third-party scripts. Each is a trusted connection. The same thing could happen there.
What makes this a genuine evolution isn't just sophistication, it's economics. LLMs can generate thousands of convincing domain variations in minutes. Homograph attacks combine Latin, Cyrillic, and Greek characters to produce domains that appear visually identical in browser address bars while evading string-distance detection. Domain registration, SSL issuance, and full campaign deployment now take under ten minutes. Sonatype's data shows malicious package uploads to open-source repositories jumped 156% year-over-year, so volume alone has made manual vetting structurally impossible.
The article also details a separate attack on the chalk/debug npm ecosystem where a phishing email compromised 18 trusted JavaScript libraries. In September 2025, a phishing email targeting a single package maintainer gave attackers access to 18 trusted JavaScript libraries, including chalk and debug, with over two billion combined weekly downloads. Within 16 minutes, malicious code was injected across all of them, hooking browser APIs to silently intercept network traffic and wallet interactions. Fast containment limited direct losses to around $500, but the exposure window wasn't the story—two billion downloads was.
Classic social engineering needed a human in the loop, someone to mistype a URL, click a link, approve a prompt, trust a sender. The attacker's job was to manufacture trust in the moment. The current generation of attacks skips that step entirely. Trust is no longer manufactured, it's inherited. Your build pipeline already trusts npm. Your vendor already trusts their CDN. Your browser already trusts the vendor. The attacker doesn't need to deceive anyone; they only need to insert themselves anywhere along a chain of trust that's already been granted. Call it supply chain subversion—the deception isn't aimed at a person; it's aimed at the dependency graph.
A marketing vendor integrated into your web properties references a JavaScript CDN registered six weeks ago. Valid SSL. Recognizable domain. Then the script is quietly updated. On your payment page, the browser silently loads the modified script. An invisible overlay intercepts keystrokes before they reach your application. Your server logs record a normal session. No alert fires. This is the blind spot in your security stack.