PhishDecloaker: Detecting CAPTCHA-cloaked Phishing Websites via Hybrid Vision-based Interactive Models
Xiwen Teoh, Yun Lin, Ruofan Liu
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
In an escalating arms race between phishers and anti-phishing entities, threat actors continually devise sophisticated cloaking techniques to evade detection and deny access to security crawlers. A particularly insidious and growing trend is **CAPTCHA-cloaked phishing**, where malicious websites integrate CAPTCHA challenges to hide their true content from automated analysis tools while presenting a seemingly legitimate facade to unsuspecting users. This talk introduces **PhishDecloaker**, a novel hybrid vision-based system designed to automatically detect, recognize, and solve diverse CAPTCHA types on suspicious web pages, thereby revealing the hidden phishing content for downstream analysis.
AI review
This work introduces PhishDecloaker, a crucial hybrid vision-based system to combat CAPTCHA-cloaked phishing, a critical blind spot in current anti-phishing defenses. Leveraging advanced ML for detection, recognition, and solving, it not only reveals hidden phishing content but also uncovers novel IoCs like reused CAPTCHA API keys. The research demonstrates a sophisticated, practical solution to a pressing, previously unmitigated threat, delivering actionable insights for defenders.