Ddos 
The Attack Model | Image: Unit 42
Security researchers at Palo Alto Networks Unit 42 have unveiled a concerning evolution in web-based attacks, demonstrating how Generative AI can be weaponized to create “living” phishing pages that assemble themselves only after a victim visits a seemingly harmless site.
This new technique represents a significant leap in evasion capabilities. Instead of hosting malicious code directly, attackers can now force the victim’s own browser to build the trap using trusted AI tools.
The core of this attack is deception. Traditional phishing sites are often flagged by security scanners because they contain recognizable malicious code. This new method bypasses those checks by starting with a clean slate.
“Imagine visiting a webpage that looks perfectly safe. It has no malicious code, no suspicious links. Yet, within seconds, it transforms into a personalized phishing page,” the report opens.
The mechanism relies on “Client-side API calls” to popular Large Language Model (LLM) services. By embedding carefully crafted text prompts into a clean webpage, attackers can instruct an AI model to generate the malicious JavaScript needed to steal credentials or impersonate a brand.
Crucially, the attack leverages prompt engineering to slip past the safety filters built into these AI models. “Attackers could use carefully engineered prompts to bypass AI safety guardrails, tricking the LLM into returning malicious code snippets”.
Once the AI returns the code, the browser assembles and executes it instantly. The result is a fully functional phishing site that leaves “no static, detectable payload” for traditional security tools to find.
One of the most dangerous aspects of this technique is where the traffic originates. Security tools often block traffic from known malicious servers, but they rarely block traffic from major AI providers.
“The malicious content is delivered from a trusted LLM domain, bypassing network analysis,” the researchers note. Because the browser is simply talking to a legitimate AI service (like Gemini or DeepSeek, as noted in the study’s Proof of Concept), firewalls see the activity as normal user behavior.
Perhaps the most challenging feature for defenders is polymorphism. Because LLMs are non-deterministic—meaning they might phrase the same answer differently each time—the malicious code they generate is unique for every single victim.
“The code for the phishing page is polymorphic, so there’s a unique, syntactically different variant for each visit,” the report explains. This constant mutation makes signature-based detection nearly impossible.
To prove the viability of this threat, Unit 42 researchers successfully replicated Logokit, a real-world phishing kit known for its ability to impersonate login pages dynamically. By using an LLM to generate the code on the fly, they created a version that could harvest credentials and impersonate brands without triggering standard alarms.
With network analysis blinded by trusted domains and static analysis foiled by dynamic generation, the only way to catch this attack is to watch it happen.
Unit 42 concludes that the “most effective defense against this new class of threat is runtime behavioral analysis that can detect and block malicious activity at the point of execution, directly within the browser”.
Related Posts:
- The Ghost in the Market: Unmasking “Fly,” the Secret Architect of the Infamous Russian Market
- Venom Spider Evolves: Arctic Wolf Exposes More_eggs Campaign Targeting HR
- The AI Double-Edged Sword: How Generative AI Is Fueling a New Wave of Cyberattacks
- More_Eggs Malware Deep Dive: Abusing ieuinit.exe and Polymorphic JavaScript
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
