Moonlock Updates

Moonlock unveils a solution for real-time phishing detection at STAST 2024

Katya Shevchenko

Jul 11, 20242 min read

Moonlock's antiphishing research at STAST 2024

What started as a proof-of-concept experiment at Moonlock, a cybersecurity division of MacPaw, was polished to perfection by MacPaw’s Technological R&D — Ivan Petrukha, Nataliia Stulova, and Serhii Kryvoblotskyi. Their research on phishing website detection has produced a native macOS app that detects spoofed websites in real time and can spot zero-day phishing.

The research and the app are detailed in the team’s position paper “Think Globally, React Locally — Bringing Real-time Reference-based Website Phishing Detection on macOS,” which was presented at the 14th International Workshop on Socio-Technical Aspects in Security (STAST 2024).

A fresh technique to thwart credential harvesting

Almost 5 million unique phishing web pages were published in 2023, and cybercriminals are getting better at pushing them to the top results of search engine queries. The phishing surge is so massive that security products have to make every second count to update their blacklists and protect users from new threats. 

Our research describes the prototype that instantaneously identifies the risk of credential harvesting on spoofed websites. It’s a combination of computer vision and machine learning that runs locally on the device to spot zero-day phishing. The prototype is tailored to macOS and, of course, to protection of user data.

A screenshot of our antiphishing prototype at work.
A screenshot of our antiphishing prototype at work. The app detects a phishing attempt by quickly analyzing web page elements, verifying the brand attribution, and checking the URL.

An opportunity to connect over the shared goal

Hosted by the IEEE Symposium on Security and Privacy, STAST 2024 is a one-day workshop where experts in computer security, social, and behavioral studies exchange ideas on designing secure systems. Presentation of our research to the scientific community marks a major milestone in Moonlock’s work, and we couldn’t be prouder of our team!

The workshop proved the demand for better anti-phishing tools, and we are grateful for the feedback and input from the attendees. We are coming home full of fresh ideas to expand the possibilities of the prototype. After all, if we integrate it deeper into messaging applications and email clients, we can build the ultimate anti-phishing protection tool for all Mac users.

The position paper was originally uploaded to arXiv.org

Katya Shevchenko Katya Shevchenko
Katya is a copywriter that explains cybersecurity with Moonlock. Compares pirated macOS apps to cheap plastic surgeries to prove her point.