Like any other business sector, the world of online black markets is a seriously competitive space. So much so that on Friday, one cybercriminal apparently leaked a copy of a rival’s premiere product. “FraudFox,” as it’s been dubbed, is a tool that helps hackers crack into email and bank accounts by fooling the site into thinking the attacker is the legitimate user.
“I have for you today a full version of Fraudfox, cracked!” a user posted on Reddit’s r/AlphaBay, devoted to discussing the Dark Net marketplace of the same name.
“I’m giving it away for free right now to beta testers and to get more popularity then I will charge a small fraction of what Hugo charges, no more monthly fee’s! (sic).”
The post has since been deleted.
“Hugo” refers to Hugochavez, the original developer of FraudFox, and whose avatar comes complete with a photo of the late Venezuelan president. Customers have to pay a humble $2 to receive a download link for the software, but then have to fork over $99 every month to continue using it. Nearly 600 people have paid just to download the software, according to records on AlphaBay.
FraudFox is so popular because it allows a hacker to spoof their browser “fingerprint.” When you browse the internet, some sites may record information like as your computer’s operating system, timezone, IP address, and browser plugins. This collection of information is what makes up your fingerprint, and when one of those pieces doesn’t match up—such as someone tries to log into your account from an IP address halfway across the world—the site might lock down your account to prevent fraudulent access.
So FraudFox lets an attacker create a fingerprint that is closer to that of the person they are trying to hack by choosing from several easy to navigate menus of various settings, and bypass that stage of site security.
It is unclear whether the version of FraudFox dumped is fully legitimate, although the file included a short text document with a contact email address. Whoever it behind that did not immediately respond to a request for comment, and neither did Hugochavez.
Regardless of whether the file made available Friday was a functioning installer for FraudFox or a malware-laden file, someone is still trying to profit of the established reputation of the product.
Illustration by Fernando Alfonso III