Attackers exploit AI-hallucinated web domains through ‘phantom squatting’

As reported by The Hacker News, a new cybersecurity threat known as phantom squatting is emerging, where malicious actors are registering non-existent web addresses invented by large language models (LLMs) to conduct phishing attacks.

Palo Alto Networks' Unit 42 has identified phantom squatting as a tactic where attackers purchase domains that LLMs hallucinate, meaning the AI models create web addresses that do not actually exist. This is concerning because users and developers often trust links generated by AI. When an AI invents a domain, the first entity to register it inherits the misplaced trust, enabling phishing without traditional methods like malicious ads. Unit 42's research involved querying AI models with questions about numerous brands, resulting in millions of generated links. While some were flagged as malicious, a significant number of invented domains were unregistered, presenting opportunities for attackers. The attack works because new domains lack a reputation, so they bypass existing security filters until it's too late.

Researchers found that different AI models often invent the same fake domains, making targets predictable. Two observed cases involved attackers registering hallucinated domains resembling a national postal service and a bank, subsequently using them to steal sensitive data and distribute malware. This trend mirrors slopsquatting, where attackers register non-existent software package names invented by AI coding tools. The implications are significant, as AI-generated output is increasingly treated as input, shrinking the reaction time for defenders in a landscape where brand impersonation phishing is a growing paid service.
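Because AI-generated output is increasingly treated as input, one defensive control is to vet every link in a model's response before it is shown or followed. The sketch below is an added example, not code from Unit 42 or The Hacker News; the function names, the verdict labels, the allowlist and the `.example` hostnames are all constructed for illustration.

```python
import re
import socket
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"'\)\]]+", re.IGNORECASE)

def dns_resolves(host):
    """Default liveness check (needs network); callers may inject their own."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False

def on_allowlist(host, allowlist):
    """True only if host is a verified brand domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowlist)

def vet_llm_links(text, allowlist, resolves=dns_resolves):
    """Return {host: verdict} for each http(s) link found in LLM output.

    allow   - host belongs to a verified official domain
    hold    - host is live but unverified; check age/reputation before use
    phantom - host does not resolve; likely hallucinated, so block it and
              consider monitoring or defensively registering the name
    """
    verdicts = {}
    for raw in URL_RE.findall(text):
        try:
            host = urlsplit(raw.rstrip(".,;:!?")).hostname or ""
        except ValueError:          # malformed URL, e.g. broken IPv6 literal
            continue
        host = host.rstrip(".")
        if not host or host in verdicts:
            continue
        if on_allowlist(host, allowlist):
            verdicts[host] = "allow"
        elif resolves(host):
            verdicts[host] = "hold"
        else:
            verdicts[host] = "phantom"
    return verdicts

# Constructed sample: a model answer about a fictional postal brand.
ALLOW = {"examplepost.example"}
SAMPLE = ("Track your parcel at https://track.examplepost.example/status or "
          "https://examplepost-tracking.example/login. Help: "
          "https://examplepost.example.help-desk.example/ "
          "(see also https://examplepost.example).")
```

A name that fails to resolve is not proof that it is unregistered, so a production check would add an RDAP or WHOIS lookup for registration status and domain age.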

Source: The Hacker News