Virtual Event Today: Cyber AI & Automation Summit - Register/Login Now
Connect with us

Hi, what are you looking for?



Over 60,000 Stolen Profiles Sold on Underground Marketplace

An underground invitation-based private marketplace for stolen digital fingerprints offers more than 60,000 stolen bot profiles at the moment, Kaspersky Lab reports.

An underground invitation-based private marketplace for stolen digital fingerprints offers more than 60,000 stolen bot profiles at the moment, Kaspersky Lab reports.

Called Genesis Store, this is the biggest online store for such data, and the profiles sold there include browser fingerprints, website user logins and passwords, cookies, and credit card information. Based on the value of the stolen information, prices per profile range from $5 to $200.

“For example, if the bot has a login/password pair from an online bank account, the price is higher. As the marketplace owners have explained in their Darknet forum thread, the price is calculated automatically using a unique algorithm,” Kaspersky Lab’s security researchers explain.

The marketplace includes a configurable search panel, so that users can easily find specific bots by searching for logins and passwords from a particular website, the victim’s country, operating system, date the profile first appeared at the market, and the like.

Looking to make the use of the stolen profiles as easy as possible, the owners of Genesis Store have developed a special .crx plugin for Chromium-based browsers, which allows for the installation of stolen digital profiles with a single click.

Next, the cybercriminal needs to connect to a proxy server with an IP address from the victim’s location, which allows them to bypass an anti-fraud systems’ verification mechanisms. Thus, they can pretend to be the legitimate user, effectively becoming the victim’s doppelganger.

Genesis Store also allows customers to generate unique fingerprints, if they don’t want to buy real ones, the researchers say.

“Genesis Store gives its customers an opportunity to use Genesis algorithms and the plugin to generate random fingerprints that can be used, for example, to enter stolen bank card information into online store forms: such unique browser fingerprints will be properly configured, so the anti-fraud system will not be alarmed,” Kaspersky explains.

Advertisement. Scroll to continue reading.

Cybercriminals can also use the Tenebris Linken Sphere browser to bypass anti-fraud systems. Not only do its developers claim that the application is the perfect browser for anonymity, but it has already been used for carding (i.e., the use and trafficking of stolen credit cards) for years.

A fully functional browser, Sphere packs advanced fingerprint configuration capabilities, automatic proxy server validity testing and usage options. It also has a user activity emulator, allowing crooks to set it to open websites, follow links, stay on websites for a given length of time, and the like, to trick anti-fraud systems’ behavior analysis modules.

“The Tenebris Linken Sphere developers have also created a marketplace of unique fingerprints that can be used with Sphere browsers,” Kaspersky says.

The browser is offered as part of a subscription-based licensing system, priced at $100 per month. Those interested in gaining access to the fingerprints market have to pay $500 per month. Sphere provides a broad range of configuration options for generated fingerprints, with fully adjustable parameters in most cases.

Genesis and Sphere prove that cybercriminals are always looking for ways to defeat the anti-fraud safeguards through in-depth research of how such systems work, and through the analysis of browser traffic to understand protection system scripts and queries.

“The security departments of financial organizations must always look for ways to counter such threats. Extra two-factor authentication for any transaction initiated using a bank card or payment system is an absolute necessity these days, even if the user’s digital profile appears legit to the protection system. Even though it is not very convenient for users to complete the extra authentication routine each time they want to buy online, it is the most effective safeguard against carding attacks for the present,” Kaspersky notes.

Related: You Can DDoS an Organization for Just $10 per Hour: Cybercrime Report

Related: Europol Creates Dark Web Investigations Team

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...