Attackers Register AI-Hallucinated Domains to Trap Users, Researchers Warn
Researchers at Palo Alto Networks Unit 42 have identified a cyberattack technique called 'phantom squatting,' where attackers register domain names that large language models (LLMs) consistently fabricate in their responses. Because LLMs generate plausible-sounding URLs based on pattern matching rather than verified data, they can confidently direct users to domains that never legitimately existed. Attackers simply catalog these hallucinated domains, register them, and then host phishing pages or malware — requiring no exploits, ads, or social engineering. Freshly registered domains evade standard reputation-based security filters since they carry no prior history of malicious activity. Existing LLM output filters also fail to catch the threat, as they typically scan for harmful content rather than verifying whether recommended URLs or packages are real.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in