More than 60,000 robbed digital profiles are currently being sold at the Genesis Store, a private online cybercriminal market found and exposed by Kaspersky Lab researchers.
“The profiles include: browser fingerprints, user sites and passwords, cookies, credit card details. The price varies from $5 to $200 per profile, depending heavily on the value of the data stolen,” the scientists said.
A digital fingerprint provides a complex collection of system features— up to 100 attributes, IP addresses, screen sizes, device IDs, time zones, GPU / CPU info, cookies, etc.— and user behavior features that vary from user interests to changes in system configuration to time spent on specific mouse or websites.
The digital profiles available for sale on Genesis Store’s cybercriminal marketplace were stolen from users who were infected with malware strains designed to collect and exfiltrate cookies for their own masters, logins, passwords and browsers.
Genesis Store home page
The fact that digital identities have been used to bypass the detection of fraud by online stores, banks, and various other services that are a common target for malicious actors makes them marketable on cybercriminal markets.
While cyber criminals can steal user credentials as well as payment cards information and in theory put them to work by logging in online banking systems of their victims, the anti-fraud system in the bank is preventing such attempts by comparing their digital fingerprint with a database of digital identities of known misbelievers.
In addition to digital fingerprints sold to crooks who want them to replace fingerprints with fake fingerprints, threatening actors at Genesis Store also sell a wide range of stolen data, including user accounts, login, passwords and browser cookies from a range of online services, from shops and payment systems to bank accounts.
Digital fingerprint example
The Genesis Store market comes with an integral search panel, which enables buyers to quickly find a particular profile with a variety of filters, as well as with a.crx plugin for Chromium-based web browsers, which makes adding stolen digital profiles to your browser with just a mouse click as easy as possible.
Once a digital profile has been applied to the cybercriminal browser, the bad actor is the only thing left to do for the bad actor to connect to the website it wants by using the VPN or proxy is to have its own digital fingerprint stolen–and possibly its logins and passwords, cookies and credit card information.
The operators of the Genesis Store are also able to create random and unique fingerprints for Internet service users who use digital identity-based fraud without triggering any kind of alarm.
Digital doppelganger Chromium extension
As described in the 2018 Juniper Research study, “annual losses of ecommerce, ticketing, transfers and banking services on online payments, by 2023 will be around $48 billion, up from the $22 billion projected in 2018” make combating identity theft and fraud systems a key concern for all financial companies, as advised by Kaspersky Lab’s resea.
“Although the additional authentication routine is not very convenient to users every time they want to buy it online, it is the most effective safeguard against currently occurring carding attacks,” concluded Kaspersky Lab.
Leave a Reply