
A new report from Group-IB exposes a growing cybersecurity threat: browser fingerprint theft. Cybercriminals are using sophisticated techniques to steal unique digital identifiers that track user activity online. This method allows attackers to bypass security measures, impersonate users, and commit fraud without triggering alarms.
Browser fingerprinting is a technique that collects various system attributes, such as:
- Device and browser configurations
- Installed plugins and fonts
- Operating system details
- Screen resolution and language settings
This fingerprinting method is used by financial institutions, online services, and security platforms to detect fraud. However, attackers have found ways to steal and reuse fingerprints, allowing them to mimic legitimate users and evade detection.
“What makes browser fingerprinting particularly alarming is its invisibility. The victim might not even know that the fingerprint has been captured or misused,” the report warns.
In October 2024, Group-IB’s Threat Intelligence Team identified a massive fingerprint theft campaign linked to the threat actor ScreamedJungle. The group compromised more than 115 e-commerce websites running outdated versions of Magento and injected malicious JavaScript to collect browser fingerprints.
Key Findings from the Campaign:
- The Bablosoft JS script was hidden in HTML comments labeled ‘Google Finger Analytics’ to appear legitimate.
- If a user visited a compromised website using a desktop device, the malicious script executed the ProcessFingerprint function, extracting data like installed fonts, GPU data, media devices, and even keyboard layouts.
- Stolen fingerprints were sent to Bablosoft’s CustomServers, a platform that allows fraudsters to store and trade fingerprints for criminal activities.
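A storefront owner can check rendered pages, CMS blocks and templates for the two indicators named above. The scanner below is an added example, not code from the Group-IB report or this article. The names `scan_html` and `InjectionScanner`, the `allowed_hosts` allowlist check and the sample hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
MARKER = "google finger analytics"  # comment label reported in the article
FUNC = "ProcessFingerprint"         # function name reported in the article

class InjectionScanner(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []         # (line, kind, detail) tuples
        self.after_marker = False  # marker comment seen; next script is suspect
        self.line = self.body = None  # open <script>: start line, text chunks

    def handle_comment(self, data):
        if MARKER in data.lower():
            self.after_marker = True
            self.findings.append((self.getpos()[0], "marker-comment", data.strip()))

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self.line, self.body = self.getpos()[0], []
        src = dict(attrs).get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        if self.after_marker or (host and host not in self.allowed):
            kind = "script-after-marker" if self.after_marker else "unlisted-script-host"
            self.findings.append((self.line, kind, src or "inline"))
        self.after_marker = False

    def handle_data(self, data):
        if self.body is not None:
            self.body.append(data)  # script text may arrive in several chunks

    def handle_endtag(self, tag):
        if tag == "script" and self.body is not None:
            if FUNC in "".join(self.body):
                self.findings.append((self.line, "fingerprint-call", FUNC))
            self.body = None

def scan_html(html, allowed_hosts=()):
    scanner = InjectionScanner(allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; hosts are placeholders, not real indicators.
SAMPLE = """<script src="https://shop.example/static/app.js"></script>
<!-- Google Finger Analytics -->
<script src="https://cdn.invalid/fp.js"></script>
<script>ProcessFingerprint();</script>"""
```

The label and function name are plain strings that an attacker can rename, so the allowlist finding is the one that survives such changes; treat the other hits as triage leads for a file-integrity review.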
Once fingerprints are stolen, cybercriminals use automation tools like Bablosoft’s BrowserAutomationStudio (BAS) to impersonate victims and bypass security defenses.
Real-World Risks:
- Account takeovers: Fraudsters use stolen fingerprints to log in to victims’ banking, email, and e-commerce accounts.
- Fraudulent transactions: Cybercriminals place orders using stolen credentials while appearing to be the real user.
- Credential stuffing attacks: Attackers combine stolen fingerprints with leaked credentials to bypass multi-factor authentication (MFA).
Browser fingerprint theft represents a stealthy and dangerous cybersecurity threat. As criminals refine their techniques, businesses and individuals must adapt to defend against these evolving attacks. Awareness, proactive security measures, and continuous monitoring are crucial to staying ahead of fraudsters.