Cybercrooks are now creating live, personalized phishing pages in real time

Published: 23 January 2026
Last updated: 26 January 2026
phishing site
Image by Cybernews.

At first glance, it’s a normal and harmless webpage, but it’s able to transform into a phishing site after a user has already loaded it. In a matter of a few seconds, AI carefully crafts a landing page specifically for the victim, thus turning it into an online crime scene.

Key takeaways:
  • Attackers use AI to generate personalized phishing pages in real-time within victims' browsers.
  • The malicious code is polymorphic generated on-demand and different with each visit making it difficult to trace.
  • Scammers use carefully worded prompts to trick legitimate AI providers into generating malicious JavaScript code that bypasses security checks.
  • The malicious links are "reusable" because the code generates a customized version for each victim based on their browser data.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.

Researchers have demonstrated an unusual phenomenon in which seemingly innocent webpages can use AI to create and run malicious JavaScript in the victim's browser while the victim is visiting the page.

ADVERTISEMENT

Although the type of attack is relatively new, the outcome is traditional – victims end up losing their personal information, often without ever knowing they’ve visited dangerous areas of the internet.

Here’s how it happens.

Firstly, the attackers select a webpage from an existing phishing campaign and use it as a model for the malicious behaviour they want their own campaign to replicate.

china-phishing
Image by Getty Images/MirageC.

The malicious code is difficult to trace because it’s polymorphic – it’s generated on the spot by demand, therefore, it slightly differs with each visit. It’s an aspect that makes this scheme all the more clever – because the code’s “transformation” happens within the victim’s browser, the landing page will:

  • It looks very convincing because it will be based on data the browser stores, such as the user’s language, location, or device type.
  • Have a somewhat “reusable” malicious link, because every victim will see a version that’s crafted especially for them.

It gets worse.

These scammers carefully craft AI prompts that “persuade” AI systems to generate small snippets of malicious JavaScript code. They come from trusted AI providers, such as DeepSeek or Google Gemini, which in turn allows the code to slip through network security checks without raising any red flags.

ADVERTISEMENT

“Subsequently, these generated scripts could be assembled and executed to render malicious code or phishing content,” explains the research by Unit42.

During the few moments it takes for this to happen, ”the snippets are assembled and executed in the browser's runtime environment,” thus making the webpage on which the user is visiting fully capable of stealing login details or other sensitive information.

a table the show the wrokflow of a site turning malicious.
Workflow of the PoC. The first two steps are initial preparation, and the third is an example of generating malicious content to be rendered in the browser. Image by Unit 42.

Researchers recreated this scam themselves and found a catch

In order to check how this scam works in practice, a group of researchers partially recreated it themselves.

After following all the steps, researchers found that the words used to generate the malicious AI code matter a great deal. Researchers did not disclose which LLMs they were using, but stated that they refused to act upon obviously malicious instructions. However, a change in wording to make it sound more vague did the trick.

For example, “a request for a generic $AJAX POST function was permitted, while a direct request for 'code to exfiltrate credentials' was blocked. Furthermore, indicators of compromise could also be hidden within the prompt itself to keep the initial page clean,” the paper explains.

AI propmts that tell to code a phishing malicious code, letters in black on white page, red arrows
Example of prompt engineering to bypass LLM guardrails and generate JavaScript code for phishing content. Image by Unit 42.

One of the risks of running this type of attack, according to researchers, is the possibility that the LLM model might hallucinate some of its elements. However, the attack they simulated was successful.

How to avoid this type of attack?

ADVERTISEMENT

Although the attack is rather sneaky, there are several ways to combat the danger or avoid it altogether.

Firstly, these AI-powered phishing attacks could be prevented by “runtime behavioral analysis,” which, in practice, signals the need to monitor and block malicious behavior directly in browsers where the attacks occur.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Another idea is to perform “offline analysis with browser-based sandboxes that render the final webpage” before someone visits it.

Finally, researchers emphasize that their study highlights the need for more “robust safety guardrails in LLM platforms,” as a well-crafted prompt can still enable malicious behaviour.

At the very least, those concerned about their online safety should limit their use of unsanctioned LLM services.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked