A trading platform selling ready-made network "masks" has been discovered

Brother



At the Security Analyst Summit 2019 conference, Kaspersky Lab researchers spoke about the discovery of an interesting trading platform - Genesis. Customers of this resource can buy not just other people's personal data, but more than 60,000 ready-made network "masks", that is, data on user behavior on the network: the history of visits to sites, information about the operating system, browser, installed plugins, and so on.

Genesis was launched in 2018 and was actively advertised on carder forums as a convenient and useful solution for cybercriminals.

genesis-ad-400x221.png

genesis-details-400x272.png


Each of the digital fingerprint sets for sale includes credentials from various accounts (billing accounts, social media profiles, file sharing services, and so on), cookies, user-agent details, WebGL signatures, and other information about the browser and the victim's computer (often more than 100 different parameters). These datasets cost from 5 to 200 US dollars.

genesis-marketplace-400x257.png

digital-doppelgangers-0-307x280.png


How do Genesis administrators collect this information? With the help of a wide variety of malware, because not every malicious program immediately encrypts data and demands a ransom, or starts stealing the user's money. A wide variety of users' personal data falls into the hands of third parties, and to become a victim of such a leak, it is sometimes enough, for example, to install a malicious browser extension.

This information is sold by Genesis operators to other cybercriminals who engage in fraudulent operations related, for example, to identity theft, organizing the work of money mules, and so on. Moreover, these datasets can simply help to steal other people's money, personal photos, or classified documentation, or make it possible to use someone else's "disguise" as part of a large-scale operation, especially if the victim, for example, was a civil servant.

For the convenience of its customers, the creators of Genesis have developed a special extension for Chrome - Genesis Security. This extension allows an attacker to use the purchased digital "mask" to recreate the virtual identity of its real owner and thereby deceive the security systems.

genesis-extension.png


Researchers explain the Genesis phenomenon quite simply. In recent years, anti-fraud systems have become much "smarter" and are able to recognize suspicious account activity, noting even the smallest details. Digital "masks" purchased on Genesis allow attackers to imitate the real account owner as plausibly as possible and deceive protection systems, including those of payment systems and banks.

Analysts explain that if a security solution sees a "mask" that matches the one the user used earlier, then the transaction is likely to be approved. In this case, many banks will not even send a security code via SMS or push notification to confirm the operation. As you can see in the illustration above, in their ads, Genesis operators boast that they have carefully studied 47 analytical systems of the 283 largest banks and payment systems.
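The approval logic described above, next to a stricter variant, as an added example that is not part of the original post or of any vendor's product. It assumes the anti-fraud system also records signals it observes server-side (the network and country a request arrives from) and a step-up threshold; all names, the threshold and the sample data are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    fingerprint: str   # digest of user-agent, WebGL signature, plugins, ...
    cookie_ok: bool    # a previously issued session cookie was presented
    asn: int           # network the request arrived from (seen server-side)
    country: str
    amount_usd: float

@dataclass(frozen=True)
class Profile:
    fingerprints: frozenset
    asns: frozenset
    countries: frozenset
    step_up_over_usd: float = 500.0   # hypothetical threshold

def naive_decision(s: Session, p: Profile) -> str:
    """Policy the article describes: a matching mask skips the SMS/push code."""
    return "approve" if s.fingerprint in p.fingerprints and s.cookie_ok else "step_up"

def hardened_decision(s: Session, p: Profile) -> tuple[str, list[str]]:
    """A matching mask is necessary, never sufficient, to skip step-up."""
    reasons = []
    if s.fingerprint not in p.fingerprints or not s.cookie_ok:
        reasons.append("unknown_device")
    if s.asn not in p.asns:
        reasons.append("new_network")
    if s.country not in p.countries:
        reasons.append("new_country")
    if s.amount_usd > p.step_up_over_usd:
        reasons.append("high_value")
    return ("step_up" if reasons else "approve", reasons)

# Constructed sample data, not taken from any real account.
PROFILE = Profile(frozenset({"fp-a1"}), frozenset({64500}), frozenset({"DE"}))
OWNER = Session("fp-a1", True, 64500, "DE", 40.0)
REPLAY = Session("fp-a1", True, 64511, "NL", 40.0)   # same mask, other network
OWNER_BIG = Session("fp-a1", True, 64500, "DE", 900.0)

if __name__ == "__main__":
    for name, s in [("owner", OWNER), ("replay", REPLAY), ("owner_big", OWNER_BIG)]:
        print(name, naive_decision(s, PROFILE), hardened_decision(s, PROFILE))
```

The returned reason list is what a fraud analyst would log with each step-up, so that a run of `new_network` hits on an otherwise known device can be reviewed as a possible replayed fingerprint.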