Sound-squatting is a phishing attack that tricks users into visiting malicious resources by exploiting similarities in the pronunciation of words. Proactively defending against sound-squatting candidates is hard, and existing solutions rely on manually curated lists of homophones. We here introduce Sound-skwatter, a multi-language AI-based system that generates sound-squatting candidates for proactive defense. Sound-skwatter relies on an innovative multi-modal combination of Transformer networks and acoustic models to learn sound similarities. We show that Sound-skwatter can automatically list known homophones as well as thousands of high-quality new candidates. In addition, it covers cross-language sound-squatting, i.e., when the reader and the listener speak different languages, and supports any combination of languages. We apply Sound-skwatter to network-centric phishing via squatted domain names and find that ~10% of the generated domains exist in the wild, the vast majority unknown to protection solutions. Next, we show attacks on the PyPI package manager, where ~17% of the popular packages have at least one existing candidate. We believe Sound-skwatter is a crucial asset for proactively mitigating the sound-squatting phenomenon on the Internet. To increase its impact, we publish an online demo and release our models and code as open source.
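To make the difference between sound-squatting and ordinary typosquatting concrete, the following is an added example, not Sound-skwatter's code and not the paper's model: it implements the baseline the abstract mentions, a small manually curated homophone table, applies up to two non-overlapping substitutions to a name, and then checks the candidates against a set of names "known to exist". The homophone table and the known-name sets are constructed for this example and stand in for the real lists and for DNS or PyPI index lookups, so the script runs offline; the function and variable names are this example's own.

```python
import itertools
import re

# Hand-curated homophone table, the kind of manually maintained list the
# abstract says existing defenses depend on. Constructed for this example
# and deliberately small; keys and alternatives are lowercase.
HOMOPHONES = {
    "for": ["four", "4"],
    "four": ["for", "4"],
    "to": ["two", "too", "2"],
    "two": ["to", "too", "2"],
    "you": ["u"],
    "sea": ["see", "c"],
    "see": ["sea", "c"],
    "by": ["buy", "bye"],
    "right": ["write", "rite"],
    "ate": ["eight", "8"],
    "won": ["one", "1"],
    "one": ["won", "1"],
    "new": ["knew", "nu"],
}

# One hostname label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
_DNS_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def find_matches(name):
    """Return (start, end, replacement) for every occurrence of a table key
    inside `name`, including overlapping occurrences of different keys."""
    matches = []
    for word, alternatives in HOMOPHONES.items():
        start = name.find(word)
        while start != -1:
            for alt in alternatives:
                matches.append((start, start + len(word), alt))
            start = name.find(word, start + 1)
    return matches


def generate_candidates(name, max_subs=2):
    """Sound-squatting candidates: apply up to `max_subs` non-overlapping
    homophone substitutions to `name` (single pass, no chained rewriting)."""
    name = name.lower()
    matches = find_matches(name)
    candidates = set()
    for k in range(1, max_subs + 1):
        for combo in itertools.combinations(matches, k):
            spans = sorted(combo)
            if any(spans[i][1] > spans[i + 1][0] for i in range(len(spans) - 1)):
                continue  # overlapping spans cannot both be substituted
            pieces, pos = [], 0
            for start, end, alt in spans:
                pieces.append(name[pos:start])
                pieces.append(alt)
                pos = end
            pieces.append(name[pos:])
            candidate = "".join(pieces)
            if candidate != name:
                candidates.add(candidate)
    return sorted(candidates)


def is_valid_dns_label(label):
    """Syntactic check for a single hostname label (digits may lead)."""
    return bool(_DNS_LABEL.match(label))


def normalize_pypi(name):
    """PEP 503 normalization: PyPI treats names that differ only in case or
    in runs of '-', '_' and '.' as the same project, so compare normalized."""
    return re.sub(r"[-_.]+", "-", name).lower()


def domain_candidates(name, suffix=".com"):
    """Candidates that are syntactically registrable under `suffix`."""
    return [c + suffix for c in generate_candidates(name) if is_valid_dns_label(c)]


def pypi_candidates(name):
    """Normalized candidate package names (duplicates collapse after PEP 503)."""
    return sorted({normalize_pypi(c) for c in generate_candidates(name)})


def already_taken(candidates, known):
    """Intersect candidates with a set of names known to exist. `known` stands
    in for a DNS or PyPI index lookup; callers pass a constructed set here."""
    return [c for c in candidates if c in known]


if __name__ == "__main__":
    # Constructed "in the wild" sets standing in for real lookups.
    registered = {"4tnite.com", "seeworld.com"}
    on_index = {"2-factor", "4-score"}  # stored already PEP 503-normalized
    for brand in ("seaworld", "fortnite"):
        print(brand, "->", already_taken(domain_candidates(brand), registered))
    for pkg in ("two_factor", "Four.Score"):
        print(pkg, "->", already_taken(pypi_candidates(pkg), on_index))
```

Two details matter when turning such a list into a check: a candidate must be syntactically valid in the target namespace before it is worth querying (a leading digit is fine for a hostname label, a leading hyphen is not), and PyPI names must be compared after PEP 503 normalization, otherwise `2_factor` and `2-factor` look like different candidates although they resolve to the same project.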