unit42 · Crawled Jul 5, 2026

Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

AI Summary

Unit 42 researchers identified a new threat called 'phantom squatting,' where adversaries register AI-hallucinated domains to exploit software supply chains. Large language models (LLMs) frequently generate fictitious domains for legitimate brands, and attackers preemptively register these domains to intercept traffic from AI systems and users. A real-world case involved the 'Montana Empire' phishing kit, which targeted a hallucinated domain 23 days before its registration, demonstrating AI-assisted attack development. The research uncovered 13,229 malicious URLs and approximately 250,000 unregistered hallucinated domains, highlighting a growing risk to AI-driven workflows and developer tooling.

AI-extracted · verify before operational use

Indicators of Compromise 4 extracted

Type      Value
SHA-256   eb07edaa2786cfddfa4c15526168f2200d85300aee0a8f253b32d2462a7b0bcd
SHA-256   2202a30daad9928ef47cca5f4ab04ce083692a94428e386fa01c2dd44557e34b
Filename  [redacted].zip
Filename  [redacted]post.apk