Artificial　neural　networks　suffer　from　catastrophic　forgetting　when　knowledge　needs　to　be　learned　from　multi-batch　or　streaming　data.　In　response　to　this　problem,　researchers　have　proposed　a　variety　of　lifelong　learning　methods　to　avoid　catastrophic　forgetting.　However,　current　methods　usually　do　not　consider　the　possibility　of　malicious　attacks.　Meanwhile,　in　real　lifelong　learning　scenarios,　batch　data　or　streaming　data　usually　come　from　an　incompletely　trusted　environment.　Attackers　can　easily　manipulate　data　or　inject　malicious　samples　into　the　training　data　set.　As　a　result,　the　reliability　of　neural　networks　decreases.　Recently,　researches　of　lifelong　learning　attacks　need　to　obtain　real　samples　of　the　attacked　classes,　whether　using　backdoor　attacks　or　data　poisoning　attacks.　In　this　paper,　we　focus　on　an　attack　setting　that　is　more　suitable　for　lifelong　learning　scenario.　This　setting　has　two　main　features.　The　first　is　the　setting　does　not　require　real　samples　of　the　attacked　classes,　and　the　second　is　it　allows　attacks　to　be　performed　on　tasks　that　exclude　the　attacked　classes.　For　this　scenario,　we　propose　a　lifelong　learning　attack　model　based　on　deep　inversion.　In　the　scenario　where　EWC　is　used　as　the　benchmark　lifelong　learning　model,　our　experiments　show　that　1)　in　the　data　poisoning　attack,　the　target　accuracy　can　be　significantly　decreased　by　adding　0.5%　of　poisoned　samples;　2)　The　backdoor　attack　with　high　accuracy　can　be　achieved　by　adding　1%　of　backdoor　samples.