MASQ: The new hacking tool able to copy the identity of any smart device

A recent security report details the detection of MASQ, a tool that allows threat actors to copy smart devices fingerprints, allowing them to evade any security mechanism for malicious purposes. This tool is sold on the dark web and has support for all kinds of devices, including smart TVs from manufacturers such as Samsung, Sony or Philips and for video game consoles such as PlayStation and Xbox.

According to the experts at Resecurity, this is one of the most popular cybercriminal trends today, as it allows hackers to perform account takeover attacks and easily access compromised online accounts without attracting the attention of affected users or security systems on these platforms.

Before continuing, it is necessary to clarify that the term fingerprints refers to a set of data related to the user’s devices, including IP addresses, screen resolution, browser data, time zone, language, navigation cookies and browser plugins installed. Many of the current anti-fraud solutions are based on fingerprint verification and are usually regarded as a reliable method.

Using MASQ in conjunction with the credentials for an attacked account, threat actors can reuse victim cookies to spoof the digital record of an authentic device. Anti-fraud mechanisms will not be able to identify this malicious activity, so transactions will be carried out without raising suspicions.

With the active growth of consumers using mobile devices, cybercriminals use such tactics more often to compromise all kinds of online accounts, including email platforms, social media accounts and online banking accounts.

“These tools represent one of the biggest risks for online transactions, as they enable all kinds of frauds. It is extremely important to track the emergence of such tools on the dark web and use this knowledge to develop more advanced fraud prevention and digital identity authentication controls,” Resecurity experts mention.

The latest version of MASQ was released on June 13, indicating that the tool receives constant updates and maintenance. Experts mention that this tool has already displaced Linken Sphere as the most popular evasion tool today, so it will continue to be in the news for months to come.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.