TYPOSQUATTING is no longer a user problem but a supply chain issue, with attackers embedding lookalike domains inside legitimate third‑party scripts used by web properties. AI has changed the economics: thousands of convincing domain variants can be generated in minutes, and full campaign deployment can take under ten minutes, so manual vetting is effectively dead.
The Threat narrative includes the Trust Wallet incident in December 2025, where a self‑replicating npm worm harvested credentials and led to $8.5M in losses within 48 hours, without any server breach or alert firing, because the attack ran inside users’ browsers. The piece notes that CSP and other controls cannot observe runtime browser activity, since the malicious behaviour is executed after scripts load, highlighting the need for runtime behavioural monitoring to see what approved scripts actually do.
Detection requires observing domains, page elements accessed, and deviations from baselines, with Reflectiz’s AI deobfuscator approach offered as part of the guide to bridging that gap, according to The Hacker News.