SecurityWeek

Over 60,000 Stolen Profiles Sold on Underground Marketplace

An underground invitation-based private marketplace for stolen digital fingerprints offers more than 60,000 stolen bot profiles at the moment, Kaspersky Lab reports.

Called Genesis Store, this is the biggest online store for such data, and the profiles sold there include browser fingerprints, website user logins and passwords, cookies, and credit card information. Based on the value of the stolen information, prices per profile range from $5 to $200.

“For example, if the bot has a login/password pair from an online bank account, the price is higher. As the marketplace owners have explained in their Darknet forum thread, the price is calculated automatically using a unique algorithm,” Kaspersky Lab’s security researchers explain.

The marketplace includes a configurable search panel, so that users can easily find specific bots by searching for logins and passwords from a particular website, the victim’s country, operating system, the date the profile first appeared on the market, and the like.

Looking to make the use of the stolen profiles as easy as possible, the owners of Genesis Store have developed a special .crx plugin for Chromium-based browsers, which allows for the installation of stolen digital profiles with a single click.

Next, the cybercriminal needs to connect to a proxy server with an IP address from the victim’s location, which allows them to bypass anti-fraud systems’ verification mechanisms. Thus, they can pretend to be the legitimate user, effectively becoming the victim’s doppelganger.

Genesis Store also allows customers to generate unique fingerprints, if they don’t want to buy real ones, the researchers say.

“Genesis Store gives its customers an opportunity to use Genesis algorithms and the plugin to generate random fingerprints that can be used, for example, to enter stolen bank card information into online store forms: such unique browser fingerprints will be properly configured, so the anti-fraud system will not be alarmed,” Kaspersky explains.

Cybercriminals can also use the Tenebris Linken Sphere browser to bypass anti-fraud systems. Not only do its developers claim that the application is the perfect browser for anonymity, but it has already been used for carding (i.e., the use and trafficking of stolen credit cards) for years.

A fully functional browser, Sphere packs advanced fingerprint configuration capabilities, automatic proxy server validity testing and usage options. It also has a user activity emulator, allowing crooks to set it to open websites, follow links, stay on websites for a given length of time, and the like, to trick anti-fraud systems’ behavior analysis modules.

“The Tenebris Linken Sphere developers have also created a marketplace of unique fingerprints that can be used with Sphere browsers,” Kaspersky says.

The browser is offered as part of a subscription-based licensing system, priced at $100 per month. Those interested in gaining access to the fingerprints market have to pay $500 per month. Sphere provides a broad range of configuration options for generated fingerprints, with fully adjustable parameters in most cases.

Genesis and Sphere prove that cybercriminals are always looking for ways to defeat anti-fraud safeguards through in-depth research of how such systems work, and through the analysis of browser traffic to understand protection system scripts and queries.

“The security departments of financial organizations must always look for ways to counter such threats. Extra two-factor authentication for any transaction initiated using a bank card or payment system is an absolute necessity these days, even if the user’s digital profile appears legit to the protection system. Even though it is not very convenient for users to complete the extra authentication routine each time they want to buy online, it is the most effective safeguard against carding attacks for the present,” Kaspersky notes.
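The reasoning behind that recommendation, as an added example (not code from Kaspersky or SecurityWeek): a profile-only risk check scores a replayed fingerprint, cookie and in-country proxy IP exactly like the account owner, while a mandatory second factor on card payments still blocks it. The `Session` and `KnownProfile` fields, the scoring function and all sample values are constructed assumptions, and the second factor is assumed to be something that is not part of the stolen browser profile.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    fingerprint: str      # hash of browser attributes (constructed value)
    session_cookie: str
    ip_country: str

@dataclass(frozen=True)
class KnownProfile:
    fingerprint: str
    session_cookie: str
    usual_country: str

def profile_risk(session: Session, profile: KnownProfile) -> int:
    """0 = looks like the owner, 3 = nothing matches.
    Every signal here is one that a stolen profile plus a proxy can replay."""
    return ((session.fingerprint != profile.fingerprint)
            + (session.session_cookie != profile.session_cookie)
            + (session.ip_country != profile.usual_country))

def decide_profile_only(session, profile, is_card_payment):
    # Weak policy: a matching digital profile is trusted, payment or not.
    return "allow" if profile_risk(session, profile) == 0 else "step_up"

def decide_with_mandatory_2fa(session, profile, is_card_payment, second_factor_ok):
    # Hardened policy: card payments always need the second factor,
    # even when the digital profile appears legitimate.
    needs_2fa = is_card_payment or profile_risk(session, profile) > 0
    if not needs_2fa:
        return "allow"
    return "allow" if second_factor_ok else "deny"

# Constructed sample data.
OWNER = KnownProfile("fp-3c9a", "sid-owner-01", "DE")
LEGIT = Session("fp-3c9a", "sid-owner-01", "DE")
# Doppelganger: same fingerprint and cookie, proxy IP in the victim's country.
CLONE = Session("fp-3c9a", "sid-owner-01", "DE")
# Unsophisticated fraud attempt: nothing matches the known profile.
STRANGER = Session("fp-0000", "sid-other-77", "BR")

if __name__ == "__main__":
    for name, s in (("legit", LEGIT), ("clone", CLONE), ("stranger", STRANGER)):
        print(name, profile_risk(s, OWNER),
              decide_profile_only(s, OWNER, True),
              decide_with_mandatory_2fa(s, OWNER, True, second_factor_ok=(name == "legit")))
```
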

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
