Phantom Squatting: Hackers Turn AI Hallucinations Into a Free Phishing Buffet

Author: Viacheslav Vasipenok | 4 min read

Large language models love to hallucinate. We’ve all seen it — ChatGPT or Claude confidently spitting out a perfectly formatted but completely fake URL for some corporate portal, API endpoint, or support page.

What Unit 42 researchers at Palo Alto Networks discovered is that these hallucinations aren’t random noise. They follow predictable internal patterns. Different models, when asked similar questions about the same brand, often invent the exact same nonexistent domain.

Enter the attackers.

Cybercriminals figured out they could treat LLMs as an oracle for free domain ideas.

They flood models with thousands of prompts about popular brands (“payment gateway for [brand]”, “admin dashboard for [brand] support”, “sandbox API for [brand] integration”, etc.), collect the hallucinated URLs, and register the most commonly invented domains before anyone else does.

Once registered, these “phantom” domains become perfect landing spots for phishing pages, malware droppers, credential harvesters, or command-and-control infrastructure.

Because the domains have zero history, they often fly under traditional threat-intelligence radars — at least until malicious activity starts generating signals.


The Research That Exposed the Scheme

Unit 42 researchers ran a massive experiment: 685,339 adversarial prompts targeting 913 well-known global brands across tech, finance, healthcare, e-commerce, government, and other sectors. They tested two different LLM families under various temperature settings (from precise to highly creative).

The result? 2.1 million unique URLs generated.

Of those:

  • 13,229 (about 0.61%) were already known malicious links.
  • Roughly 809,455 were “non-existent domains” (NXDs) — completely made-up by the models.
  • Normalized down to parent domains, this yielded approximately 250,000 unique hallucinated phantom domains that were still unregistered at the time of the study.

That’s a quarter of a million ready-made, high-quality targets for future attacks — essentially a free all-you-can-eat buffet for anyone willing to register them.


Not Random — Predictably Hallucinated

The hallucinations showed clear structure:

  • Path-level (most common, ~50%): Something like `https://sandbox.[brand].com/payment/api/v1/pay`
  • Subdomain-level (~40%): `https://admin.[brand].com` or `https://portal.[brand].com`
  • Pure domain-level (~11%): Entirely invented domains like `[brand]post-app.com` or `[brand]benefitsportal.com`

Higher “creativity” settings (higher temperature) produced more hallucinations. Different models had slightly different biases — one leaned toward path hallucinations, the other toward subdomains — but the overlap was significant enough for attackers to exploit.
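As an added example (not code from the Unit 42 study or from this article), here is a small Python triage routine a defender could run over the URLs an LLM-backed assistant emits: it normalizes each host to its parent domain and sorts the URL into the three hallucination levels described above, relative to a brand's inventory of legitimate domains, hosts and paths. The brand `example`, its inventories and the sample URLs are constructed; the suffix table is a simplification standing in for a real public-suffix list; and the classifier checks the host before the path, so a URL with both an invented subdomain and an invented path counts as subdomain-level.

```python
"""Triage LLM-emitted URLs against a brand's inventory of legitimate assets.

Added example with constructed data: the brand, its inventories, the sample
URLs and the tiny suffix table are all assumptions for illustration.
"""
from collections import Counter
from urllib.parse import urlsplit

# Minimal stand-in for a public-suffix list; a real deployment would use the
# full list (e.g. via the tldextract package) instead of this assumption.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def parent_domain(host: str) -> str:
    """Normalize a hostname to its registrable parent domain.

    'admin.brand.com' -> 'brand.com'; 'portal.brand.co.uk' -> 'brand.co.uk'
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url: str, owned: set, hosts: set, paths: set) -> str:
    """Return one of: 'known', 'path', 'subdomain', 'domain', 'invalid'.

    owned: parent domains the brand controls
    hosts: fully-qualified hostnames the brand actually serves
    paths: (host, path) pairs that are real pages/endpoints
    The host is checked before the path, so an invented subdomain carrying an
    invented path is reported as subdomain-level.
    """
    parts = urlsplit(url.strip())
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    host = host.lower()
    if parent_domain(host) not in owned:
        return "domain"            # entirely invented registrable domain
    if host not in hosts:
        return "subdomain"         # real brand domain, invented subdomain
    if (host, parts.path or "/") not in paths:
        return "path"              # real host, invented path
    return "known"


def triage(urls, owned, hosts, paths):
    """Count URLs per class and collect domain-level phantoms for a watchlist."""
    counts = Counter()
    phantoms = set()
    for url in urls:
        kind = classify(url, owned, hosts, paths)
        counts[kind] += 1
        if kind == "domain":
            phantoms.add(parent_domain(urlsplit(url.strip()).hostname))
    return counts, phantoms


# Constructed inventory for a fictional brand "example"
OWNED = {"example.com"}
HOSTS = {"example.com", "www.example.com", "api.example.com"}
PATHS = {("www.example.com", "/"), ("www.example.com", "/login"),
         ("api.example.com", "/v1/pay")}

# Constructed sample of URLs an assistant might emit
SAMPLE_URLS = [
    "https://api.example.com/v1/pay",                     # known
    "https://api.example.com/payment/api/v1/pay",         # path-level
    "https://sandbox.example.com/payment/api/v1/pay",     # subdomain-level
    "https://admin.example.com/",                         # subdomain-level
    "https://examplebenefitsportal.com/login",            # domain-level
    "https://EXAMPLE-POST-APP.com",                       # domain-level
    "not a url",                                          # invalid
    "https://www.example.com/login",                      # known
]

if __name__ == "__main__":
    counts, phantoms = triage(SAMPLE_URLS, OWNED, HOSTS, PATHS)
    print(dict(counts))
    print(sorted(phantoms))
```

The domain-level phantoms are the ones worth feeding into a registration watchlist; subdomain- and path-level hallucinations point at the brand's own zone, where the fix is a 404 or a redirect rather than a domain purchase.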

Researchers even observed a real-world “Adversarial Exploitation Window”: some phantom domains were registered by malicious actors 18 to 51 days after the LLMs started hallucinating them in the wild.


How the Attack Actually Works

  1. Discovery — Attackers (or even AI-assisted tools) probe LLMs with brand-specific prompts.
  2. Registration — They grab the most frequently hallucinated domains cheaply and quickly.
  3. Weaponization — They set up phishing kits, fake login pages, malware delivery sites, or redirect chains.
  4. Delivery — When an LLM (or a user trusting an LLM-generated link) recommends or uses one of these URLs, traffic flows straight to the attacker-controlled site.

This bypasses many traditional defenses because the domains have no prior reputation. Attackers have already been caught using AI-generated phishing kits on these kinds of domains.


Why This Matters Now

As AI agents and copilots become more deeply integrated into workflows — writing code, suggesting links, automating support, or even browsing on behalf of users — the volume of hallucinated URLs being acted upon will explode. What used to be a quirky LLM flaw is turning into a structural attack surface in the software supply chain and web infrastructure.

The good news? Because the hallucinations are predictable, defenders can get ahead of them. Unit 42’s work shows it’s possible to build proactive watchlists of likely phantom domains and monitor registration events in near real-time.
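Here, as an added example rather than anything Unit 42 published, is what the monitoring side of that idea can look like in Python: a watchlist of hallucinated parent domains (with how often each was produced and when it was first seen) is matched against a newly-registered-domain feed, and each hit is reported with the lag between first hallucination and registration, the same quantity behind the 18-to-51-day exploitation window described above. The watchlist, the feed lines and their comma-separated format, and the two-hit threshold are all constructed assumptions.

```python
"""Watch a phantom-domain list for registration events.

Added example with constructed data: the watchlist, the feed format
("YYYY-MM-DD,domain,registrar") and the alert threshold are assumptions,
not Unit 42's tooling or any vendor's feed.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class WatchEntry:
    domain: str       # hallucinated parent domain, lowercase, no trailing dot
    brand: str        # brand the prompts were about
    hits: int         # how many prompt/model runs produced this domain
    first_seen: date  # first date a model hallucinated it


@dataclass(frozen=True)
class Alert:
    domain: str
    brand: str
    hits: int
    registered: date
    lag_days: int     # registration date minus first hallucination date


# Constructed watchlist, the kind of output a hallucination-harvesting
# pipeline would produce for the brand "example".
WATCHLIST = [
    WatchEntry("examplebenefitsportal.com", "example", 42, date(2025, 1, 3)),
    WatchEntry("example-post-app.com", "example", 7, date(2025, 1, 10)),
    WatchEntry("examplepay-sandbox.net", "example", 1, date(2025, 2, 1)),
]

# Constructed newly-registered-domain feed; note the mixed case and trailing
# dot on one line, which real feeds do produce.
NRD_FEED = """\
# date,domain,registrar
2025-02-07,cheap-shoes-outlet.com,RegistrarA
2025-02-07,EXAMPLEBENEFITSPORTAL.COM.,RegistrarB
2025-02-09,examplepay-sandbox.net,RegistrarA
2025-02-28,example-post-app.com,RegistrarC
"""


def parse_feed(text: str):
    """Yield (registration_date, normalized_domain, registrar) per feed line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        day, domain, registrar = (f.strip() for f in line.split(","))
        yield date.fromisoformat(day), domain.lower().rstrip("."), registrar


def match_registrations(watchlist, feed_text: str, min_hits: int = 2):
    """Alert on watchlist domains that show up in the NRD feed.

    min_hits drops one-off hallucinations so the alert queue stays small;
    results are sorted so the most frequently hallucinated domain comes first.
    """
    index = {w.domain: w for w in watchlist if w.hits >= min_hits}
    alerts = []
    for registered, domain, _registrar in parse_feed(feed_text):
        entry = index.get(domain)
        if entry is not None:
            alerts.append(Alert(domain, entry.brand, entry.hits, registered,
                                (registered - entry.first_seen).days))
    alerts.sort(key=lambda a: a.hits, reverse=True)
    return alerts


def blocklist(alerts):
    """Sorted, de-duplicated domains to push to a DNS/proxy block rule."""
    return sorted({a.domain for a in alerts})


if __name__ == "__main__":
    for a in match_registrations(WATCHLIST, NRD_FEED):
        print(f"{a.brand}: {a.domain} registered {a.registered} "
              f"({a.lag_days} days after first hallucination, {a.hits} hits)")
    print(blocklist(match_registrations(WATCHLIST, NRD_FEED)))
```

Because a freshly registered phantom has no reputation yet, the watchlist match itself is the signal: the block rule can go out the day the registration appears, before any phishing page is staged on it.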


Bottom Line

Phantom squatting is elegant in its simplicity: let the AI do the creative work of inventing plausible-sounding domains, then squat on them before the brands or defenders notice. It turns one of AI’s most famous weaknesses into a scalable, low-cost attack vector.

With ~250,000 high-quality hallucinated domains already identified in this single study — and many more being generated daily across public and enterprise models — the race is on between attackers rushing to register them and security teams trying to predict and block them.

The buffet is open. The question is who gets there first.
