Cybersecurity nonprofit, Security Alliance, has released a new tool to help security researchers verify crypto phishing attacks, which led to more than $400 million stolen in the first half of this year.
On Monday, the Security Alliance (SEAL) announced that it had been working on a new tool to enable “advanced users and security researchers” to join the fight against crypto phishing by verifying that a reported phishing website is malicious.
Cybersecurity researchers often cannot see or replicate what users see when they encounter a potentially malicious link, as scammers have developed “cloaking features” to serve benign content to suspected web scanners, they added.
SEAL’s new tool, called the “TLS Attestations and Verifiable Phishing Reports” system, aimed at helping security researchers, will now help to prove the malicious website actually contains the phishing content the user claims to see.
“It’s intended to be a tool to help experienced ‘good guys’ work better together, rather than the average user,” SEAL told Cointelegraph.
“What we needed was a way to see what the user was seeing. After all, if someone claims that a URL was serving malicious content, we can’t just take their word for it.”
How SEAL’s verifiable phishing reports work
The system works by having a trusted attestation server act as a cryptographic oracle during the TLS connection.
Transport Layer Security (TLS) is a web protocol that ensures secure communication over a computer network by encrypting data to protect it from eavesdropping and tampering.
Related: Venus Protocol user suffers $13.5M loss from phishing attack
The user or researcher runs a local HTTP proxy that intercepts connections, captures connection details and sends them to the attestation server. The server handles all encryption/decryption operations while the user maintains the actual network connection.
Verifiable Phishing Reports
Users can submit “Verifiable Phishing Reports,” which are cryptographically signed proofs showing exactly what content a website served them.
SEAL can then verify these are legitimate without needing to access the phishing sites themselves, making it much harder for attackers to hide their malicious content.
“This is a tool meant for advanced users and security researchers ONLY,” wrote SEAL on the GitHub download page.
Magazine: Bitcoin’s ‘macro whiplash,’ Shuffle suffers data breach: Hodler’s Digest
