Unit 42 Finds 13,229 Malicious URLs In AI Phantom-Domain Study

Newsroom brief

Unit 42 said its phantom-squatting research generated 685,339 prompts across 913 brands and produced 2.1 million unique URLs, including 13,229 malicious URLs and about 250,000 unique phantom domains. The vendor research did not disclose the brand list, affected customer names or named domains tied to data loss.

Verified against source material. Edited by SendTech Times Cybersecurity Desk.
Image source: Unit 42 / Palo Alto Networks

Unit 42 Maps AI-Hallucinated Domains

Unit 42's research article describes phantom squatting as a security problem created when large language models generate plausible but nonexistent domains.

The vendor research said attackers can register those domains before a user, developer or AI agent follows the model's recommendation.

This brief classifies its source as vendor research rather than independent incident reporting.

Unit 42 said its telemetry shows the vector is active in the wild, but the public writeup does not name victim organizations or customers affected by a specific domain.

Unit 42 framed the risk around users' trust in AI output.

A coding assistant could invent a benefits portal, a research agent could suggest a fictitious banking portal, or a developer could paste an AI-generated API endpoint into code that later sends data to attacker-controlled infrastructure.

The Attack Lifecycle Has Four Phases

Unit 42 divides the phantom-squatting lifecycle into four phases: discover, act, lure and bypass.

Attackers first probe a target brand's hallucination surface by asking models realistic questions that may produce fictitious URLs.

The act phase begins when attackers register the most useful hallucinated domains.

Unit 42 said generic top-level domains can be registered quickly and cheaply, and that the domains it observed moved from initial registration to hosting malicious content within hours.

The lure phase uses the model itself as the delivery channel.

A user or autonomous AI agent receives a confident recommendation from a sanctioned assistant and visits infrastructure controlled by an attacker, without a traditional phishing email or advertisement.

Zero-Reputation Domains Evade Blocklists

Unit 42 said conventional URL defenses often depend on prior reputation, threat-intelligence history or blocklist entries.

Newly registered hallucinated domains can begin with none of those signals.

The research said attackers can extend that clean window through redirect cloaking, serving benign content to automated crawlers and placing infrastructure behind CAPTCHAs.

Those techniques make a newly registered domain harder to classify before a user or agent reaches it.

Research Pipeline Tested 913 Brands

Unit 42 said its methodology generated 685,339 prompts across 913 global brands in technology, finance, healthcare, e-commerce, government, gambling and logistics.

The URL-generation phase used two model families, labeled LLM1 and LLM2, across three temperature settings.

The pipeline produced 2.1 million unique URLs.

Unit 42 said threat-intelligence systems flagged 13,229 of those URLs, or 0.61%, as malicious at the time of analysis.

Another 41,313 URLs, or 1.90%, were categorized as high risk.

The company also said 809,455 generated URLs, or 37.28%, resolved to nonexistent domains.

After normalization, those fictitious endpoints collapsed into approximately 250,000 unique phantom domains.
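The pipeline described above, together with the zero-reputation window described under the bypass phase, is illustrated by the Python below. It is an added example, not Unit 42's pipeline or code: it extracts URLs from model output, collapses them to the registrable domain an attacker would actually buy, and classifies each as brand-owned, unregistered (phantom), newly registered (young, so blocklists have nothing on it) or merely unknown. The brands, domains and sample model outputs are constructed; the DNS and registration-age lookups are injected stubs so the script runs offline; the 30-day age threshold and the tiny public-suffix subset are assumptions.

```python
"""Phantom-domain triage for URLs that a language model emitted.

Added illustration (not Unit 42's pipeline): extract URLs from model output,
collapse them to the registrable domain an attacker would actually buy, and
classify each one as brand-owned, unregistered (phantom), newly registered
(zero reputation) or merely unknown.  DNS and registration lookups are
injected callables so the script runs offline; all brands, domains and
sample outputs below are constructed.
"""
import re
from collections import Counter, defaultdict
from typing import Optional
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s"'<>()\[\]]+""")

# Assumption: a tiny subset of multi-label public suffixes.  Real code should
# load the full Public Suffix List (e.g. via the tldextract package).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "gov.uk"}

MIN_AGE_DAYS = 30  # assumption: younger registrations get no trust


def extract_urls(text: str) -> list[str]:
    """Pull http(s) URLs out of free text, dropping trailing punctuation."""
    return [u.rstrip(".,;:") for u in URL_RE.findall(text)]


def registrable_domain(url: str) -> Optional[str]:
    """Return the eTLD+1 of a URL, or None for IP literals and bare suffixes."""
    host = urlsplit(url).hostname
    if not host or host.replace(".", "").isdigit():
        return None
    labels = host.lower().rstrip(".").split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return None
    return ".".join(labels[-(suffix_len + 1):])


def classify(domain, owned, resolves, age_days) -> str:
    """known: brand-owned.  phantom: unregistered, so squattable.
    young: registered recently, so reputation systems have nothing on it.
    unknown: established but without brand provenance."""
    if domain in owned:
        return "known"
    if not resolves(domain):
        return "phantom"
    age = age_days(domain)
    if age is None or age < MIN_AGE_DAYS:
        return "young"
    return "unknown"


def triage(outputs, brand_domains, resolves, age_days):
    """outputs: iterable of (brand, model_text).  Returns {brand: {domain: verdict}}."""
    verdicts = defaultdict(dict)
    for brand, text in outputs:
        for url in extract_urls(text):
            dom = registrable_domain(url)
            if dom is not None:
                owned = brand_domains.get(brand, set())
                verdicts[brand][dom] = classify(dom, owned, resolves, age_days)
    return dict(verdicts)


def summarize(verdicts) -> dict:
    """Count verdicts across brands, the shape of the percentages in the study."""
    return dict(Counter(v for per_brand in verdicts.values() for v in per_brand.values()))


def should_follow(url, brand, brand_domains, resolves, age_days) -> bool:
    """Agent-side gate for a model-recommended URL: only brand-owned domains
    pass; phantom and young domains are exactly what squatting exploits."""
    dom = registrable_domain(url)
    if dom is None:
        return False
    return classify(dom, brand_domains.get(brand, set()), resolves, age_days) == "known"


# Constructed sample: what a model might say when asked about two brands.
SAMPLE_OUTPUTS = [
    ("Acme Bank", "Log in at https://www.acmebank.example/login to see statements."),
    ("Acme Bank", "HR benefits live at https://acmebank-benefits.example/hr."),
    ("Acme Bank", "Call the API at https://api.acmebank-portal.example/v2/accounts."),
    ("Acme Health", "Patients check results at https://results.acmehealth.example/."),
    ("Acme Health", "Try https://acmehealth-records.example/login (legacy portal)."),
]
BRAND_DOMAINS = {"Acme Bank": {"acmebank.example"}, "Acme Health": {"acmehealth.example"}}

# Constructed stand-ins for DNS and registration data (assumption: in practice
# these wrap a resolver and RDAP/WHOIS lookups).
_RESOLVES = {"acmebank.example", "acmehealth.example", "acmebank-benefits.example"}
_AGE_DAYS = {"acmebank.example": 6000, "acmehealth.example": 4500, "acmebank-benefits.example": 2}


def stub_resolves(domain: str) -> bool:
    return domain in _RESOLVES


def stub_age_days(domain: str) -> Optional[int]:
    return _AGE_DAYS.get(domain)


if __name__ == "__main__":
    result = triage(SAMPLE_OUTPUTS, BRAND_DOMAINS, stub_resolves, stub_age_days)
    for brand, per_domain in result.items():
        for dom, verdict in per_domain.items():
            print(f"{brand:12} {dom:32} {verdict}")
    print(summarize(result))
```

On the constructed sample the triage returns two brand-owned domains, two phantom domains that nobody has registered yet, and one young domain that already resolves: the last is the case the research warns about, since a reputation-based URL filter would see a clean domain. `should_follow` is the hook to place in front of an agent's fetch or HTTP tool so that a model-recommended URL is only followed when its registrable domain is on the brand's allowlist.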

Unit 42 did not disclose the brand list, affected customer names, registered malicious domain names, remediation outcomes or evidence that any named organization lost data through phantom squatting.
