Fingerprint Heists: How your browser fingerprint can be stolen and used by fraudsters
ID: 227919cc-8e1c-5bab-9084-d51257716f6f
STIX ID: report--227919cc-8e1c-5bab-9084-d51257716f6f
Feed Name: Group-IB Blog
Group-IB identified a campaign (ScreamedJungle) active since at least May 2024 that compromises Magento stores—likely via known Magento vulnerabilities—to inject a Bablosoft clientsafe.js script which collects detailed browser fingerprints and posts them to Bablosoft CustomServers. The harvested fingerprints are abused with BrowserAutomationStudio (BAS) features (FingerprintSwitcher, PerfectCanvas) to spoof legitimate devices, enabling large-scale credential-stuffing and fraud; the report includes impacted site counts (115+), estimated user exposure (100Ks+ monthly fingerprints in Italy), technical TTPs, and IOCs such as busz.io and screamedjungle.com.
