Pierluigi Paganini April 10, 2019

Security experts at Kaspersky Lab reported that over 60,000 stolen profiles are offered for sale on an private marketplace called Genesis Store.

More than 60,000 stolen profiles are offered for sale in the underground marketplace Genesis Store, it includes browser fingerprints, web site user logins and passwords, cookies, and credit card information. The seller is offering the stolen data at a price per profile that ranges from $5 to $200.

“Genesis Store is an online cybercriminal invitation-based private market for stolen digital fingerprints. At the moment it offers more than 60k+ stolen bot profiles.” reads the post published by Kaspersky. “The profiles include: browser fingerprints, website user logins and passwords, cookies, credit card information. The price varies from 5 to 200 dollars per profile – it heavily depends on the value of the stolen information.”

Operators behind the marketplace explained that the price for the good they are selling is calculated automatically using a unique algorithm, for example, online bank account credentials have a higher price.

Genesis Store is the biggest online underground market for stolen data, it is easy to use and allows users to select specific bots by searching for credentials from a specific website, the victim’s country, operating system, and also the date the profile first appeared in the market.

The Genesis Store provides users a special .crx plugin for Chromium-based browsers that allows them to install of stolen digital profiles with a single click.

“The plugin allows installing stolen digital profiles into the cybercriminal’s own browser with a single mouse click for him to become a doppelganger of the victim.” continues Kaspersky. “After that the bad guy only needs to connect to a proxy server with an IP address from the victim’s location and he can bypass the anti-fraud systems’ verification mechanisms, pretending to be a legitimate user.”

An option implemented in Genesis Store allows customers to generate unique fingerprints, that could be used to enter stolen bank card information into online store forms. The use of unique browser fingerprints allows bypassing anti-fraud system.

Experts at Kaspersky also described another tool widely used to bypass anti-fraud systems, the Tenebris Linken Sphere browser.

Crooks could leverage the Tenebris Linken Sphere browser to bypass anti-fraud systems and remain anonymous, this tool is used for carding for years. 

“Unlike the Genesis plugin, Sphere is a fully functional browser with advanced fingerprint configuration capabilities, automatic proxy server validity testing and usage options, etc. It even features a user activity emulator – cybercriminals can program it to open the desired websites, follow links, stay on websites for a given length of time, etc.” continues Kaspersky. “Simply put, to trick the anti-fraud systems’ behavior analysis modules. The Tenebris Linken Sphere developers have also created a marketplace of unique fingerprints that can be used with Sphere browsers. “

This browser is offered as part of a subscription-based licensing system that goes for $100 per month. Cybercriminals that want to access the fingerprints market have to pay a fee of $500 per month.

“Antifraud systems are rapidly developing. They introduce new protection mechanisms to fend off fraudsters, while fraudsters develops new tools to break through the protection layers.” the experts conclude.”The sums of money lost to carding attacks are huge, and cybercriminals are most certain to scale up these malicious activities.”

Pierluigi Paganini

(SecurityAffairs – fingerprints, Genesis Store)

[adrotate banner=”5″]

[adrotate banner=”13″]