Cybercriminals are increasingly leveraging AI-powered cloaking tools to bypass browser security measures and evade detection systems. Platforms such as Hoax Tech and JS Click Cloaker enable hackers to display harmless content to automated scanners while revealing malicious pages only to human users, making it significantly harder for traditional security tools to identify and block threats.
Researchers at SlashNext have uncovered that these sophisticated cloaking techniques are allowing phishing campaigns and fraudulent websites to remain undetected for longer periods, increasing the risk of data breaches and malware infections. As these tools become more accessible and affordable, they are reshaping the landscape of digital fraud, requiring users to adopt additional security measures to protect themselves from emerging threats.
Hoax Tech analyzes hundreds of data points to build a digital fingerprint of every visitor, from their browser configuration and plugins to their geographic location and IP history. The company’s AI engine, called Matchex, compares this data to a massive database of known crawlers and security scanners. If the system detects a suspicious visitor, it redirects them to a clean, harmless site. If it identifies the visitor as legitimate, it displays the actual scam content.
JS Click Cloaker takes a similar approach but claims to evaluate over 900 parameters per visit. The system scans for behavioral anomalies and uses historical click data to decide whether to allow access to the real page. It also includes features like traffic splitting and A/B testing, giving its users a suite of tools more commonly seen in professional marketing software.
At the core of both platforms is the ‘white page’ and ‘black page’ system. The system shows security scanners the white page, which looks benign and passes review. It serves human victims the black page, which contains the scam or malicious payload. This selective targeting allows phishing campaigns and fraudulent sites to stay live longer and avoid detection.
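One way a defender can test for the white page / black page split described above is to capture the same URL under a scanner-like and a browser-like client profile and compare what each received. This is an added example, not code from SlashNext or from the tools named here; the `Capture` type, the reason codes, the 0.6 similarity threshold and the sample pages are all constructed assumptions.

```python
import difflib
import re
from dataclasses import dataclass
from urllib.parse import urlparse

@dataclass
class Capture:
    profile: str    # label for the client profile the page was fetched with
    final_url: str  # URL after all redirects
    html: str       # response body as received

def visible_words(html):
    """Drop script/style bodies and tags, return lowercase word tokens."""
    html = re.sub(r"(?is)<(script|style).*?</\1>", " ", html)
    return re.sub(r"(?s)<[^>]+>", " ", html).lower().split()

def has_password_field(html):
    return re.search(r"""(?i)<input[^>]+type\s*=\s*["']?password""", html) is not None

def cloaking_signals(scanner, browser, min_similarity=0.6):
    """Return reason codes; an empty list means the two views agree."""
    reasons = []
    # A clean redirect for one profile only shows up as a different final host.
    if urlparse(scanner.final_url).hostname != urlparse(browser.final_url).hostname:
        reasons.append("host-mismatch")
    # Word-level similarity tolerates small dynamic differences (timestamps, ads).
    ratio = difflib.SequenceMatcher(
        None, visible_words(scanner.html), visible_words(browser.html), autojunk=False
    ).ratio()
    if ratio < min_similarity:  # assumed threshold, tune on your own captures
        reasons.append("low-text-similarity")
    if has_password_field(browser.html) and not has_password_field(scanner.html):
        reasons.append("credential-form-only-for-browser")
    return reasons

# Constructed sample captures (not real sites or real traffic).
WHITE = Capture("scanner-like", "https://example.test/offer",
    "<html><head><title>Garden tips</title></head><body><h1>Spring garden tips</h1>"
    "<p>Water seedlings early in the morning and mulch the beds.</p></body></html>")
BLACK = Capture("browser-like", "https://login.example.invalid/session",
    "<html><body><h1>Sign in to continue</h1><form><input type='text' name='user'>"
    "<input type=\"password\" name=\"pass\"><button>Sign in</button></form></body></html>")
SAME = Capture("browser-like", WHITE.final_url,
    WHITE.html.replace("</body>", "<p>Updated 10:02</p></body>"))

if __name__ == "__main__":
    print("cloaked pair:", cloaking_signals(WHITE, BLACK))
    print("control pair:", cloaking_signals(WHITE, SAME))
```

An empty result on the control pair matters as much as the hits on the cloaked pair: ordinary pages differ slightly between fetches, so the comparison has to tolerate that before its alerts are worth triaging.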
Cybercriminals are increasingly adopting advanced cloaking tools to evade detection, which is making it harder for people to spot malicious websites. Still, there are steps you can take to reduce your risk:
1. Stick to trusted sources: Avoid clicking on links from unknown senders or sketchy websites, even if they appear in ads or social media posts. Type URLs directly when possible.
2. Use strong antivirus software: Strong antivirus software can help analyze suspicious links and sites before you open them.
3. Use security-focused browsers: Built-in protections in browsers like Firefox and Brave can help block suspicious scripts and trackers.
4. Keep your software updated: Regular updates to your browser, operating system, and antivirus software ensure you have the latest security patches.
5. Be cautious with login pages: If a site asks for your credentials unexpectedly, verify the URL and domain name carefully. Cloaked phishing pages can look nearly identical to the real thing.
6. Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA can act as a final line of defense against account takeover by requiring a PIN that is generated by an authenticator app or sent to your phone or email.
AI-powered cloaking is making it increasingly difficult to track and take down malicious sites. The result is a fast-growing market for what is essentially cloaking-as-a-service. These tools are inexpensive, easy to use, and designed to work at scale. For cybercriminals, cloaking is no longer a fringe tactic but a core part of their toolkit. While you may still be unaware of these tools, they are already reshaping how digital fraud operates behind the scenes.
Do you think browsers and search engines are doing enough to protect you from advanced scams like these? Let us know by writing us at CyberGuy.com/Contact.