FraudFox - A Tool Designed to Help Thieves Empty Bank Accounts
A browser's fingerprint is a term that refers to a selection of data which makes a certain browser unique and identifiable. The fingerprint includes information collected from the respective computer such as the IP address, time zone, language settings, version numbers of the installed plug-ins, browser preferences, etc. Banks use these collections of data to identify and authorize devices for transactions. So if you are a hacker who wants to get away with some money, you won't only have to steal the bank account info but also use a device that will be authorized by the respective bank.
Here comes FraudFox, a program that helps cyber criminals easily mimic the browser fingerprints of their victims. The application is being sold on a website called Evolution which is known as being the successor of the infamous SilkRoad (a site for drug trafficking, contraband and other illegal activities), and it is priced at 1.8 bitcoins (roughly $400). FraudFox's vendor (and possibly developer) is someone who uses the nickname hugochavez and who apparently has a lot of "street credit" on the site. At the moment, the tool has been trial-tested by just one person on Evolution and it received positive comments.
If you're curious about how it works, I'll give you all the information I could gather, although it is not entirely complete. FraudFox is basically a modified version of Windows with an altered Firefox browser. Both Windows and Mac users will have to employ a virtual machine application named VMware to launch FraudFox. The program's menu allows its users to easily switch between various versions of the operating system versions, 32 or 64 bits, language, screen resolution, time zone, etc. Furthermore, you can also choose which fonts should appear as installed, what browser versions should be visible, the Adobe Flash version, etc. What many people are wondering is how does the program deal with IP switching? Obviously, the criminal can't use his real IP and almost every online banking system is capable of recognizing proxy usage, so that should be a real issue.
For our money's sake, I hope that the banks are very aware of this situation and are updating their security systems.