

Ethical Hacking News

The Phantom Squatting Phenomenon: How Artificial Intelligence-Hallucinated Domains are Exploited for Phishing and Malware



Phantom squatting, a new tactic where AI-hallucinated domains are exploited for phishing and malware, has been identified by security experts at Unit 42. The phenomenon takes advantage of the lack of verification for AI-generated content and can have devastating consequences for users. Learn more about this emerging threat and how to protect yourself from it.

  • Phantom squatting involves attackers buying up AI-generated domains, often identical to well-known brands, before anyone else can, to host phishing pages or malicious software.
  • AI models generate links and domains that do not exist in reality, which are then bought up by attackers.
  • The tactic exploits the lack of verification for AI-generated content, inheriting all the misplaced trust associated with those links.
  • Researchers at Unit 42 discovered over 2.1 million links generated by AI models, with 13,229 identified as malicious and 250,000 with no owner yet.
  • Attackers can take advantage of new domains having no reputation, making it difficult for filters to flag them.



    The cybersecurity landscape has witnessed a significant shift in recent times, as attacks have become increasingly sophisticated and AI-generated content is being used to deceive users. One such phenomenon that has garnered attention from security experts is "phantom squatting," a tactic where attackers buy up AI-hallucinated domains before anyone else can, only to host phishing pages or malicious software on them.

    This concept was first identified by researchers at Unit 42, who have been studying the impact of AI-generated content on cybersecurity. The team discovered that large language models, which are used for various applications such as customer service chatbots and language translation tools, were generating links and domains that did not exist in reality. These fabricated domains were often identical to those of well-known brands or organizations, making them appear legitimate.

    The researchers found that these AI-generated domains were being bought up by attackers before anyone else could, allowing them to host phishing pages or malicious software on these domains. This tactic takes advantage of the fact that developers and AI assistants increasingly treat links generated by AI models as real, without verifying their legitimacy.

    Phantom squatting is a domain version of "slopsquatting," which involves registering fake software package names that are suggested by AI coding tools. Both tactics exploit the same vulnerability – the lack of verification for AI-generated content. The attackers take advantage of this by registering the fabricated domains first, thereby inheriting all the misplaced trust associated with those links.

    To measure the scope of the problem, Unit 42 conducted an experiment where they asked two AI models 685,339 questions about 913 well-known brands across various sectors. The models produced over 2.1 million links, with 13,229 of them identified as malicious by threat intelligence. Roughly 250,000 of the invented domains had no owner yet, making them easy targets for attackers.

    The attack works because a brand-new domain has no reputation, making it difficult for blocklists, threat feeds, and reputation scores to flag it. By the time these filters catch up, the victim has already been sent to the site by a tool they trust. The fake domains were not sitting in the training data, but rather were generated from the models' own language patterns, which are consistent across different models.

    Different models often invent the same fake domain for the same question, making it easier for attackers to guess their next target. Turning up the "creativity" setting of a model only produced more invented domains. The researchers noted that this phenomenon exploits a structural property of LLM architectures that remains inherently unpatchable.

    Two cases demonstrated the full loop of phantom squatting, where an attacker registered an AI-generated domain before anyone else could, and then stood up a phishing kit or malicious software on it. In one case, an attacker registered a hallucinated domain for a national postal service's online marketplace and created a phishing kit that stole card numbers, bank-transfer details, and national ID data.

    The researchers warn that defenders have only weeks to react to these attacks, as the attackers' first move is often the hardest to track down. Security teams can map which fake domains a model is likely to produce and watch for anyone registering them, often with weeks of warning.

    For everyone else, the practical steps are simple: do not trust a link just because an AI gave it; confirm the domain is the real, official one before typing a password or pasting it into code. Treat anything a model writes as an unverified draft, not an authority.
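
    One way to apply that rule to model output before it reaches a user or a code base is to classify every link against an allowlist of confirmed official domains. This is an added example, not code from Unit 42 or this article; the allowlist, the brand `examplepost.example`, and the sample text are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: domains the organisation has confirmed as official.
# "examplepost.example" is a placeholder brand, not a real one.
OFFICIAL = {"examplepost.example"}
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Constructed model output containing one real and three unconfirmed links.
SAMPLE = (
    "Track your parcel at https://shop.examplepost.example/track or "
    "log in via https://examplepost-marketplace.example/login. "
    "See also https://examplepost.example.cdn-mirror.test/help and "
    "https://docs.other.test/guide."
)

def host_of(url):
    """Return the lowercased hostname of a URL, or None if it has none."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def is_official(host, official=OFFICIAL):
    """True only for an allowlisted domain or a subdomain on a label boundary."""
    return any(host == d or host.endswith("." + d) for d in official)

def classify(url, official=OFFICIAL):
    host = host_of(url)
    if host is None:
        return "invalid"
    if is_official(host, official):
        return "official"
    # A brand label inside a host that is not allowlisted is the shape a
    # hallucinated or squatted brand domain takes; send it for review.
    if any(d.split(".")[0] in host for d in official):
        return "brand-lookalike"
    return "unverified"

def audit_llm_links(text, official=OFFICIAL):
    """Extract every http(s) link from model output and classify it."""
    urls = [u.rstrip(".,;:") for u in URL_RE.findall(text)]
    return [(u, classify(u, official)) for u in urls]

if __name__ == "__main__":
    for url, verdict in audit_llm_links(SAMPLE):
        print(f"{verdict:16} {url}")
```

    Only the "official" verdict is safe to pass through unchanged; "brand-lookalike" and "unverified" links still need a human or a registration check before use.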

    The window of opportunity for attackers to exploit these domains is open and rewards whoever moves first. The question remains whether defenders or attackers reach these domains sooner.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Phantom-Squatting-Phenomenon-How-Artificial-Intelligence-Hallucinated-Domains-are-Exploited-for-Phishing-and-Malware-ehn.shtml

  • https://thehackernews.com/2026/07/phantom-squatting-uses-ai-hallucinated.html


  • Published: Wed Jul 1 11:09:51 2026 by llama3.2 3B Q4_K_M












