Every day, e-commerce and financial organizations around the world are targeted by cybercriminals. These criminals are often looking for customer information to use to steal the identities of customers or looking for information they can use to blackmail companies. Companies typically combat these cybercriminals using a technology called digital fingerprinting, a process designed to identify each unique device and browser that visits their websites. This enables them to verify the identity of any visitors and block malicious actors.
Historically, cybercriminals get around digital fingerprinting using technology like virtual machines, proxies, and VPN servers. However, anti-fraud systems are becoming sophisticated enough to identify suspicious IP addresses even if they are using these tactics.
As a result, cybercriminals have started using the Linken Sphere browser for criminal activity. Linken Sphere changes web browser configurations dynamically, generating an unlimited number. This enables them to imitate the activity of legitimate users.
According to Tenebris, the creators of Linken Sphere, it was created for legal, legitimate purposes such as:
- penetration testing
- social media market research
- keyword research
- bonus hunters (online gambling and other purposes)
- privacy-minded users
- people operating multiple accounts simultaneously for work
However, it was announced to the world via underground forums such as Exploit, Verified, Korovka, and Maza places known for enabling cybercriminals. The user who announced Linken Sphere on these forums is a verified member of the Tenebris team, the creators of Linken Sphere.
About Linken Sphere
According to Tenebris, here are the general features of Linken Sphere:
- Linken Sphere is based on the Chromium web browser: its developers used its source code and removed all tracking functions enabled by Google
- Operates in the “Off-the-Record Messaging” mode
- Does not use any hidden Google services
- Encrypts all saved data using the AES 256 algorithm
- Connects to the internet via various protocols, including HTTP, SOCKS, SSH, TOR, TOR + SSH, and DYNAMIC SOCKS
- Each session creates a new configuration and users do not need multiple virtual machines
- Allows working with different types of connections in multi-thread mode at the same time
- Includes built-in professional anti-detection with regular updates of configurations of the user’s agents, extensions, languages, geolocation, and many other parameters, which are able to change in real-time
- Saves fingerprints and cookie files after every session, allowing the use of a saved session by multiple users without needing to switch between virtual machines
- Does not require specific settings to start working proactively, anonymously, and securely
- Contains a built-in license with a location database GeoIP2 MaxMind, allowing users to configure time and geolocation immediately
- WebEmulator, called “Прогреватор” in Russian, is an option created to “warm up” websites in an automated mode. This function allows collecting needed cookie files automatically between websites before working with a new account. WebEmulator operates in the background with multi-thread mode allowing the set up of parameters for visiting websites such as the number of visited pages, time spent on each page, pauses, and delays between visits. WebEmulator enables alerts after task completion.