A new hacking tool may threaten security approaches as it lands on the dark web. According to researchers, the new MASQ tool available for sale on the dark web spoofs device fingerprints, essentially allowing an adversary to bypass security checks.
MASQ Tool Spoofs Device Fingerprints
Researchers from the cybersecurity firm Resecurity® HUNTER have spotted the MASQ tool actively sold on the dark web. As elaborated in a report from Security Affairs, the MASQ tool spoofs device fingerprints to bypass authentication mechanisms.
Device fingerprints typically include specific details of a users’ device that serve as the users’ online identity. These may include the IP address, browser information, device model, type, and features, screen resolution, time zone, browser plugins, language settings, and more.
These details help the antifraud mechanisms to validate legit users. However, the new MASQ tool can spoof this all. Thus, it becomes too difficult to distinguish a spoofed login from a legit one. This helps the attackers break into users’ bank accounts, make fraudulent payments, and meddle with other online transactions... Please continue the article at the source
