- Unit 42 warns that GenAI enables dynamic, personalized phishing websites
- LLMs generate unique JavaScript payloads, avoiding traditional detection methods
- Researchers call for stronger safeguards, phishing prevention and restricted use of LLM in the workplace
When generative artificial intelligence (GenAI) first emerged, early opinion makers talked about dynamic websites – sites that are not designed in advance and revealed, but rather generated on the spot, for the visitor, based on their location, keywords used, browsing habits, device used, intent, etc.
The era of static websites was apparently almost over, and before you know it, the content we see on the Internet will be unique and personalized just for us.
Although this dream has not yet come true, the pioneers of this approach will most likely be cybercriminals.
Not really theoretical
Security researchers at Palo Alto Networks Unit 42 discovered that this technique could be easily used for phishing.
Anyway, here’s how it would work:
A victim would be phished to visit a seemingly harmless web page. It contains no visible malicious code, but once loaded, it sends carefully crafted prompts to a legitimate LLM API. The LLM returns JavaScript code (unique and different for each user), which is then assembled and executed directly in the browser.
As a result, victims are presented with a personalized, fully functional phishing page, generated without a static payload transmitted over the network for researchers to intercept and analyze.
Although the method is now essentially a proof of concept, it is also not purely hypothetical. Unit 42 did not report observing such an attack in the wild, but suggested that the construction elements were being used.
LLMs already generate obfuscated JavaScript, albeit offline; the use of runtime on compromised machines is omnipresent; LLM-assisted malware, ransomware, and cyberespionage campaigns are increasing every day.
Dynamically generated phishing pages are the future of scams, Unit 42 emphasized, but added that detection is still possible through enhanced browser-based crawlers.
“Advocates should also restrict the use of unauthorized LLM services in workplaces. While this is not a complete solution, it can be an important preventative measure,” they added.
“Finally, our work highlights the need for more robust security guardrails in LLM platforms, as we have demonstrated how rapid and careful engineering can circumvent existing protections and enable malicious use. »
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
