Sound-skwatter (Did You Mean: Sound-squatter?) AI-powered Generator for Phishing Prevention

TL;DR

Sound-skwatter is an AI-powered multi-language system that proactively generates sound-squatting candidates, including cross-language variants, to enhance phishing defense by identifying malicious domains and package names before they are exploited.

Contribution

It introduces a novel multi-modal Transformer-based approach for automatic sound-squatting candidate generation across multiple languages, including cross-language scenarios.

Findings

Approximately 10% of generated domains exist in the wild, mostly unknown to existing solutions.

Around 17% of popular PyPI packages have at least one sound-squatting candidate.

The system effectively covers known homophones and high-quality sound-squatting candidates across languages.

Abstract

Sound-squatting is a phishing attack that tricks users into malicious resources by exploiting similarities in the pronunciation of words. Proactive defense against sound-squatting candidates is complex, and existing solutions rely on manually curated lists of homophones. We here introduce Sound-skwatter, a multi-language AI-based system that generates sound-squatting candidates for proactive defense. Sound-skwatter relies on an innovative multi-modal combination of Transformers Networks and acoustic models to learn sound similarities. We show that Sound-skwatter can automatically list known homophones and thousands of high-quality candidates. In addition, it covers cross-language sound-squatting, i.e., when the reader and the listener speak different languages, supporting any combination of languages. We apply Sound-skwatter to network-centric phishing via squatted domain names. We find ~ 10% of the generated domains exist in the wild, the vast majority unknown to protection solutions. Next, we show attacks on the PyPI package manager, where ~ 17% of the popular packages have at least one existing candidate. We believe Sound-skwatter is a crucial asset to mitigate the sound-squatting phenomenon proactively on the Internet. To increase its impact, we publish an online demo and release our models and code as open source.