- Genesis market sells digital fingerprints, digital identity, cookies, credit card information, sensitive documents, website user logins, and passwords.
- Based on the value of the information, each digital profile is sold at a price ranging from $5 to $200.
What is the issue - At the Kaspersky Security Analyst Summit conference, Kaspersky Lab researchers have revealed that they have uncovered a new cybercrime marketplace named ‘Genesis’ where cybercriminals are selling full digital fingerprints for over 60,000 users.
What is sold - Genesis market sells digital fingerprints, digital identity, cookies, credit card information, sensitive documents, browser user-agent details, WebGL signatures, website user logins, and passwords.
What is the price range - Based on the value of the information, each digital profile is sold at a price ranging from $5 to $200.
The big picture
The digital profiles available for sale on the Genesis cybercrime market were stolen from users who got infected by malware in the past or who have unknowingly installed rogue browser extensions that have collected browser details, accounts, logins, passwords, and browsers cookies and sent to the Genesis operators.
- Genesis operators then sell these collected data to other cybercriminals who are engaged in online fraud, identity theft, etc.
- Cybercriminals buy these digital identities and use them to steal funds, sensitive documents, and other personal information.
In order to buy from the Genesis store, buyers have to install a Chrome extension created by the Genesis team. The Genesis store includes a search panel which allows buyers to quickly locate the required profile and add to their browsers in a single click.
- Once a digital profile has been added to the buyer’s browser, the buyer will become a virtual doppelganger of the user who got his digital fingerprint stolen.
- For buyers who don’t want to buy real fingerprints, there is also an option to generate fake fingerprints.
“Genesis Store gives its customers an opportunity to use Genesis algorithms and the plugin to generate random fingerprints that can be used, for example, to enter stolen bank card information into online store forms: such unique browser fingerprints will be properly configured, so the anti-fraud system will not be alarmed,” researchers described.