Palo Alto Networks’ Unit 42 has identified a new attack vector called ‘phantom squatting,’ where threat actors register AI-hallucinated domains that do not exist in reality. By asking large language models (LLMs) questions about well-known brands, attackers can predict which fake domains the models will generate and register them before anyone else. These domains then host phishing pages or malware, exploiting the trust users place in AI-generated links.
Unit 42 tested two AI models with 685,339 questions about 913 brands, producing 2.1 million links. Of these, 13,229 were already malicious, and roughly 250,000 were unregistered domains ripe for squatting. The attack works because a newly registered domain has no reputation yet, so it is absent from blocklists and threat feeds. Two observed cases include a postal service marketplace domain hallucinated by AI, later registered by an attacker who deployed a phishing kit called ‘Montana Empire’ to steal card numbers and IDs, and another postal domain used to push a malicious Android app.
Phantom squatting is similar to ‘slopsquatting,’ where attackers register fake software package names suggested by AI coding tools. The PhantomRaven campaign exploited this to hide malware in 126 npm packages with over 86,000 installs. Unit 42 recommends that security teams map likely hallucinated domains and monitor for registrations, while users should verify AI-generated links before trusting them.
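The defensive step Unit 42 recommends, mapping the domains an LLM hallucinates for your brands and sorting them into official, already-registered, and still-unregistered (watch and consider defensive registration), as an added example that is not Unit 42's tooling; the LLM answers, brand names, and the registered-domain set are all constructed stand-ins for real model output and a DNS/WHOIS lookup.

```python
import re
from urllib.parse import urlparse

# Matches full URLs or bare host names inside free-text LLM answers.
DOMAIN_RE = re.compile(r"https?://[^\s)\"'<>]+|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def extract_hosts(text):
    """Pull every host name out of an LLM answer, lower-cased."""
    hosts = set()
    for token in DOMAIN_RE.findall(text):
        url = token if token.lower().startswith("http") else "http://" + token
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def registrable(host):
    """Naive registrable domain: last two labels (assumes no multi-label public suffixes)."""
    return ".".join(host.split(".")[-2:])

def triage(llm_answers, brands, is_registered):
    """Map brand-like domains an LLM produced to: official / registered-unofficial / unregistered."""
    result = {}
    for answer in llm_answers:
        for host in extract_hosts(answer):
            dom = registrable(host)
            squashed = re.sub(r"[^a-z0-9]", "", dom.rsplit(".", 1)[0])
            for brand, official in brands.items():
                if re.sub(r"[^a-z0-9]", "", brand.lower()) not in squashed:
                    continue  # not a look-alike of this brand
                if dom in official:
                    result[dom] = "official"
                elif is_registered(dom):
                    result[dom] = "registered-unofficial"  # investigate: possible phantom squat
                else:
                    result[dom] = "unregistered"  # watch for registration / register defensively
    return result

# Constructed sample data: hypothetical brands, invented LLM answers, and a fake
# registration table standing in for a DNS or WHOIS lookup.
ANSWERS = [
    "Track your parcel at https://shop.examplepost-marketplace.com/track or on examplepost.com.",
    "The Acme Bank login is https://login.acmebank-secure.net/.",
]
BRANDS = {"ExamplePost": {"examplepost.com"}, "Acme Bank": {"acmebank.com"}}
REGISTERED = {"examplepost.com", "acmebank.com", "acmebank-secure.net"}

def demo():
    return triage(ANSWERS, BRANDS, lambda d: d in REGISTERED)

if __name__ == "__main__":
    for dom, status in sorted(demo().items()):
        print(f"{status:22} {dom}")
```

In production the `is_registered` callback would wrap a real DNS or RDAP query, and the "unregistered" bucket is the list to re-check on a schedule.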
CVEs: CVE-2026-20245
Malware: Montana Empire, PhantomRaven
Companies: Palo Alto Networks
Original source: thehackernews.com