TZUTC: -0500
MSGID: 2058.consprcy@1:2320/105 2dde10c2
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Hackers are using LLMs to build the next generation of phishing attacks -
here's what to look out for

Date:
Mon, 26 Jan 2026 15:35:00 +0000

Description:
What if a phishing page was generated on the spot, with no visible malicious
code or payload?

FULL STORY

When Generative Artificial Intelligence (GenAI) first emerged, early opinion
makers were discussing dynamic websites - sites that are not designed upfront
and unveiled, but were rather generated on the spot, for the visitor,
depending on their location, keywords used, browsing habits, device used,
intent, and so on. 

The age of static websites was apparently almost over, and that in no-time,
the content well see on the internet will be unique and tailored solely for
us. 

While that dream still hasnt materialized, the pioneers of this approach will
most likely be - cybercriminals.

Not exactly theoretical 

Security researchers from Palo Alto Networks Unit 42 arm have found the
technique can be easily used in phishing. 

In short, here is how it would work: 

A victim would be phished to visit a seemingly benign webpage. It contains no
visible malicious code, but once loaded, it sends carefully crafted prompts 
to a legitimate LLM API. The LLM returns JavaScript code (which is unique and
different for every user), which is then assembled and executed directly in
the browser. 

As a result, the victims are presented with a fully functional, personalized
phishing page, generated with no static payload delivered over the network
which the researchers could intercept and analyze. 

While the method is mostly a proof-of-concept today, its not purely
hypothetical, either. Unit 42 did not say it observed such an attack in the
wild, but hinted that the building blocks are being used. 

LLMs are already generating obfuscated JavaScript, albeit offline; runtime 
use on compromised machines is everywhere; LLM-assisted malware, ransomware,
and cyber-espionage campaigns are increasing in numbers every day. 

Dynamically generated phishing pages are the future of scams, Unit 42
stressed, but added that detection is still possible through enhanced
browser-based crawlers. 

Defenders should also restrict the use of unsanctioned LLM services at
workplaces. While this is not a complete solution, it can serve as an
important preventative measure, they added. 

Finally, our work highlights the need for more robust safety guardrails in 
LLM platforms, as we demonstrated how careful prompt engineering can
circumvent existing protections and enable malicious use. 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/hackers-are-using-llms-to-build-the-nex
t-generation-of-phishing-attacks-heres-what-to-look-out-for

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426