Wouldn’t the attack need to happen on a subdomain of the site they’re trying to steal credentials for? At least Bitwarden won’t suggest any credentials to autofill otherwise (haven’t tried the others)