- Unit 42 warns that GenAI enables dynamic, personalized phishing websites
- LLMs generate unique JavaScript payloads and avoid traditional detection methods
- Researchers call for stronger guardrails, prevention of phishing and limited LLM use in the workplace
When Generative Artificial Intelligence (GenAI) first appeared, early opinion makers discussed dynamic websites: websites that are not designed and published in advance, but generated on the spot for each visitor, depending on their location, keywords used, browsing habits, device used, intent, and so on.
It seemed that the days of static websites were almost over and that, in no time, the content we see on the internet would be unique and tailored just for us.
Although that dream has still not been realized, the pioneers of this approach will most likely be cybercriminals.
Not exactly theoretical
Security researchers from Palo Alto Networks’ Unit 42 arm have found that the technique can easily be used in phishing.
In short, here’s how it would work:
A victim would be phished into visiting a seemingly benign web page. It contains no visible malicious code, but once loaded it sends carefully crafted prompts to a legitimate LLM API. The LLM returns JavaScript code (unique and different for each user), which is then assembled and executed directly in the browser.
As a result, victims are presented with a fully functional, personalized phishing page, generated with no static payload delivered over the network that researchers could intercept and analyze.
Although the method is mostly a proof-of-concept today, it is not purely hypothetical either. Unit 42 did not say that it observed such an attack in the wild, but suggested that the building blocks are being used.
LLMs already generate obfuscated JavaScript, albeit offline; runtime usage on compromised machines is everywhere; and LLM-assisted malware, ransomware and cyber-espionage campaigns are increasing in number every day.
Dynamically generated phishing pages are the future of fraud, Unit 42 stressed, but added that detection is still possible through improved browser-based crawlers.
“Defenders should also limit the use of unapproved LLM services in workplaces. While this is not a complete solution, it can serve as an important preventive measure,” they added.
“Finally, our work highlights the need for more robust security guardrails in LLM platforms, as we demonstrated how careful prompt engineering can bypass existing protections and enable malicious use.”
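The browser-based crawler detection mentioned above can key on the order of events rather than on any static payload. The following is an added example, not code from Unit 42 or this article: it scores a page-load trace from an instrumented browser, and the event schema, the allowlist and the sample traces are constructed for illustration, while the LLM API host list is illustrative and incomplete.

```javascript
// Added example. The host list is illustrative; the event schema is hypothetical.
const LLM_API_HOSTS = new Set([
  "api.openai.com", "api.anthropic.com", "generativelanguage.googleapis.com",
]);
// Constructed allowlist of page origins approved to call LLM APIs.
const APPROVED_ORIGINS = new Set(["https://assistant.corp.example"]);
// events: chronological records from one page load in an instrumented browser.
//   { type: "request", url }            outbound request made by the page
//   { type: "dynamic_exec", sink }      eval / Function / injected <script>
//   { type: "dom", passwordField }      DOM snapshot after scripts settle
function scorePageTrace(pageOrigin, events) {
  const findings = [];
  let llmCallSeen = false;
  let execAfterLlm = false;
  let credentialForm = false;
  for (const ev of events) {
    if (ev.type === "request") {
      let host;
      try { host = new URL(ev.url).hostname; } catch { continue; }
      if (LLM_API_HOSTS.has(host) && !APPROVED_ORIGINS.has(pageOrigin)) {
        llmCallSeen = true;
        findings.push(`llm-api-call:${host}`);
      }
    } else if (ev.type === "dynamic_exec" && llmCallSeen) {
      // Code executed only after the model responded: the assembly step.
      execAfterLlm = true;
      findings.push(`dynamic-exec-after-llm:${ev.sink}`);
    } else if (ev.type === "dom" && ev.passwordField && execAfterLlm) {
      credentialForm = true;
      findings.push("credential-form-after-generated-code");
    }
  }
  const verdict = credentialForm ? "block"
    : execAfterLlm ? "review"
    : llmCallSeen ? "log" : "clean";
  return { verdict, findings };
}
// Constructed traces for illustration.
const SUSPICIOUS_TRACE = [
  { type: "request", url: "https://api.openai.com/v1/chat/completions" },
  { type: "dynamic_exec", sink: "Function" },
  { type: "dom", passwordField: true },
];
const BENIGN_TRACE = [
  { type: "dynamic_exec", sink: "eval" },
  { type: "request", url: "https://cdn.example/app.js" },
  { type: "dom", passwordField: true },
];
```

The "log" verdict on its own also supports the workplace control the researchers recommend, since it surfaces any unapproved origin that talks to an LLM API.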