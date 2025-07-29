NEW You can now listen to Fox News articles!

Cybercriminals continually seek new ways to expose you to phishing and scam sites designed to steal your credentials or install malware that can compromise your personal data and system. Although browsers and search engines like Chrome and Google Search actively scan and take action against spam and malicious sites, they rely on automated tools to manage the huge volume of threats.

Recently, hackers have developed AI-powered cloaking software that enables them to bypass these scanners by showing benign pages to security systems while revealing harmful content only to real users. This advanced cloaking technique significantly increases the effectiveness and durability of phishing and malware sites, making it harder for traditional detection methods to protect you.

AI-powered web cloaking is here to trick you

As discovered by researchers at Slashnext, cybercriminals are adopting a new tactic that makes scam websites nearly invisible to the security systems meant to stop them. Known as web cloaking, the technique uses artificial intelligence to hide phishing pages, fake storefronts, and malware delivery sites from automated scanners while showing them only to human victims.

Platforms like Hoax Tech and JS Click Cloaker are emerging as key players in this trend. While both market themselves as traffic filtering tools for digital marketers, they are also being used to protect criminal infrastructure. These services use advanced fingerprinting, machine learning, and real-time decision-making to control what each visitor sees.

How cloaking tools outsmart detection systems

Hoax Tech analyzes hundreds of data points to build a digital fingerprint of every visitor, from their browser configuration and plugins to their geographic location and IP history. The company’s AI engine, called Matchex, compares this data to a massive database of known crawlers and security scanners. If the system detects a suspicious visitor, it redirects them to a clean, harmless site. If it identifies the visitor as legitimate, it displays the actual scam content.

JS Click Cloaker takes a similar approach but claims to evaluate over 900 parameters per visit. The system scans for behavioral anomalies and uses historical click data to decide whether to allow access to the real page. It also includes features like traffic splitting and A/B testing, giving its users a suite of tools more commonly seen in professional marketing software.

At the core of both platforms is the "white page" and "black page" system. The system shows security scanners the white page, which looks benign and passes review. It serves human victims the black page, which contains the scam or malicious payload. This selective targeting allows phishing campaigns and fraudulent sites to stay live longer and avoid detection.

6 ways you can stay safe from cloaked scam sites

Cybercriminals are increasingly adopting advanced cloaking tools to evade detection, which is making it harder for people to spot malicious websites. Still, there are steps you can take to reduce your risk:

1. Stick to trusted sources: Avoid clicking on links from unknown senders or sketchy websites, even if they appear in ads or social media posts. Type URLs directly when possible.

2. Use strong antivirus software: A strong antivirus software can help analyze suspicious links and sites before you open them.

3. Use security-focused browsers: Built-in protections in browsers like Firefox and Brave can help block suspicious scripts and trackers.

4. Keep your software updated: Regular updates to your browser, operating system, and antivirus software ensure you have the latest security patches.

5. Be cautious with login pages: If a site asks for your credentials unexpectedly, verify the URL and domain name carefully. Cloaked phishing pages can look nearly identical to the real thing.

6. Enable two-factor authentication (2FA): Even if your credentials are stolen, 2FA can act as a final line of defense against account takeover by requiring a pin which is generated through an authenticator app or is sent to your phone or email.

Kurt’s key takeaway

AI-powered cloaking is making it increasingly difficult to track and take down malicious sites. The result is a fast-growing market for what is essentially cloaking-as-a-service. These tools are inexpensive, easy to use, and designed to work at scale. For cybercriminals, cloaking is no longer a fringe tactic but a core part of their toolkit. While you may still be unaware of these tools, they are already reshaping how digital fraud operates behind the scenes.

