More than 60,000 stolen digital profiles are currently up for sale on Genesis Store, a private and invitation-only online cybercriminal market discovered and exposed by Kaspersky Lab researchers.
“The profiles include: browser fingerprints, website user logins and passwords, cookies, credit card information. The price varies from 5 to 200 dollars per profile – it heavily depends on the value of the stolen information,” said the researchers.
A digital fingerprint is a complex collection of system properties up to 100 attributes, from IP addresses, screen size, device ID, timezone, GPU/CPU info, cookies, and many others—and user behavioral characteristics that can range from the user interests and custom system configuration changes to the time spent on specific websites and mouse movement behavior.
The digital profiles available for sale on the Genesis Store cybercriminal marketplace were stolen from users who got infected by malware strains designed for this specific purpose: to collect and exfiltrate accounts, logins, passwords, and browsers cookies and send them to their masters.
What makes digital identities a marketable commodity on cybercriminal markets is the fact that they are used to circumvent fraud detection systems put in place by online stores, banks, and various other services which are a common target for malicious actors.
While cybercriminals are able to steal both user credentials and payment card info and, in theory, put them to work by logging into their victims’ online banking systems, the bank’s anti-fraud system will block such attempts by comparing their digital fingerprint against a database of digital identities of known miscreants.
Besides the digital fingerprints sold to crooks who need them to replace their systems’ fingerprints with fake ones, the threat actors behind Genesis Store also sell a wide assortment of stolen data “including user accounts, logins, passwords and browser cookies collected from various online services – from stores and payment systems to bank accounts.”
The Genesis Store market comes with a built-in search panel which allows buyers to quickly find a specific profile using a wide assortment of filters and, even more importantly, a .crx plugin for Chromium-based web browsers to make it as easy as possible to quickly add the stolen digital profiles to one’s browser with a single mouse click.
Once a digital profile has been applied to the cybercriminal’s browser, the bad actor will become a virtual doppelganger of the user who got his digital fingerprint stolen—and potentially his logins and passwords, cookies, credit card information—the only thing left to do for the crook being to connect to the website it wants to target using a VPN or proxy also appear to be located near the victim’s real location.
The Genesis Store operators also provide cybercriminals with the choice to generate random and unique fingerprints that can be used to login within online services that employ digital identity-based anti-fraud without triggering any sort of alarms.
As detailed in a Juniper Research study from 2018, “annual online payment fraud losses from eCommerce, airline ticketing, money transfer and banking services, will reach $48 billion by 2023; up from the $22 billion in losses projected for 2018.”
This makes fighting identity theft and fraud schemes a top concern for all companies in the financial industry which, as advised by Kaspersky Lab’s research team can protect their users against attackers using digital profiles to impersonate their victims by enabling two-factor authentication for any and all transactions made online.
“Even though it is not very convenient for users to complete the extra authentication routine each time they want to buy online, it is the most effective safeguard against carding attacks for the present,” concluded Kaspersky Lab.