ZDNet reported something surprising. A new dark web market called Genesis is selling users' personal data, complete with digital fingerprints, such as account credentials, cookies, browser user-agent details, and more. This new marketplace is like nothing that has ever been seen on the hacking scene until now. Genesis' main product is users' full digital profiles.
Each user profile includes login credentials for accounts on online payment portals, e-banking services, file-sharing or social networking services, but also the cookies associated with those accounts, browser user-agent details, WebGL signatures, HTML5 canvas fingerints, and other browser and PC details.
Genesis operators make their profits by selling this information on their marketplace to other cyber-criminal groups. The marketplace's main clientele are cyber-criminal engaged in online fraud, identity theft, and money mule operations.
Genesis buyers can acquire a user's digital identity for prices ranging from $5 to $200 and then log into that user's account to steal funds, personal photos, sensitive or proprietary documents, or submit official papers on his behalf (to government-related agencies).
To use any of the user identities crooks buy from Genesis, buyers will have to install a Chrome extension that has been created by the Genesis team. This extension, provided free of charge to any buyer, automatically imports and applies a Genesis-bought identity, transforming the buyer's browser into a near-identical clone of the real user's browser.
Yikes. These guys have created virtual mules, no more pesky, unreliable human mules required. Full story at ZDNet.