Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
Large language models frequently generate web addresses that do not actually exist. Attackers are exploiting this behavior by registering those hallucinated domains before anyone else can, a technique Palo Alto Networks' Unit 42 has named 'phantom squatting.' According to Unit 42's new research, this attack is already occurring in the wild. The attackers purchase the made-up domains and then host phishing pages on them, intercepting traffic that AI tools inadvertently direct to those sites. This method allows malicious actors to capitalize on the trust users place in AI-generated outputs, turning a quirk of language models into a vector for phishing and malware distribution.
Developers must be aware that AI-hallucinated domains can be weaponized for phishing attacks.