
This Dark Web Store Deals in “Digital Doppelgangers” – Unique Chromium Plugin, Anti Fraud-Busting Tools

"Systems for protection and fingerprint substitution"

By CBR Staff Writer

Criminals behind a shop on the Dark Web that is trading over 60,000 “digital identities” have developed a wide range of sophisticated tools to help users bypass machine learning-based anti-fraud systems, researchers at Kaspersky Lab say.

Customers using the Genesis marketplace can purchase unique “digital masks”, or hijack those of legitimate online shoppers, piggybacking on the behavioural characteristics of innocent users to circumvent anti-fraud software, the company said.

Digital Masks: Highly Sought After

How does this work? Each online device carries with it a digital fingerprint – a combination of system attributes that are unique to each device and personal behavioural attributes of the user himself. The device fingerprint includes IP address (external and local), firmware version, GPU info, WebRTC IPs, TCP/IP fingerprint, cookies and more.

As Kaspersky Lab notes, modern anti-fraud solutions also analyse the user’s social network accounts (third-party cookies check) and various aspects of his/her behaviour, including time spent at an online store website, mouse/touchscreen behaviour and more.

“Anti-fraud system may ‘red flag’ various tricks, but the main idea is to make sure that the user’s collected digital identity had been used for transactions before, such transactions had been legitimate, or that the digital fingerprint is completely unique and used for the first time,” the company said.

Uncovering the Genesis Darknet Marketplace

In February 2019, Kaspersky Lab research uncovered the Genesis Darknet marketplace – an online shop selling stolen digital masks and user accounts at prices ranging from $5 to $200 each.

Its customers simply buy previously stolen digital masks together with stolen logins and passwords to online shops and payment services, and then launch them through a browser and proxy connection to mimic real user activity.


The store’s owners have even developed a special .crx plugin for Chromium-based browsers (like Google Chrome and Microsoft’s new Edge Chromium).

The plugin allows users to install stolen digital profiles into their own browser with a single mouse click, allowing them to become a “doppelganger of the victim”.

“After that the bad guy only needs to connect to a proxy server with an IP address from the victim’s location and he can bypass the anti-fraud systems’ verification mechanisms, pretending to be a legitimate user.”

Anti-Fraud Bypass: Custom Tenebris Subscription

Other tools enable attackers to create from scratch their own unique digital masks that won’t trigger anti-fraud solutions.

Kaspersky Lab researchers have investigated one such tool, a special Tenebris Sphere browser with an embedded configuration generator to develop unique fingerprints. (Its standard iteration boasts “systems for protection and fingerprint substitution (GPU, Audio, Canvas, Plugins, Fonts, ClientRects, Ubercookies) automatically changing them for each new identity. Nobody can recognize configuration of your real computer if you surf with Sphere – it protects you against any identification attempt.”)


“There has much deeper fingerprint configuration options for generated fingerprints. Most of the parameters are fully adjustable for an opportunity to create exactly the fingerprint one needs to mimic a real user”

A more powerful version uses a subscription-based licensing system. One month of browser usage costs $100. (With access to the Genesis fingerprints market thrown in, the price is $500 per month.)

As cybercriminals become increasingly sophisticated in dodging tools set up to catch them, Kaspersky recommends that online businesses ramp up their efforts to protect online shoppers.

This could include multi-factor authentication at every stage of user validation processes; new methods of additional verification, such as biometrics; and the integration of Threat Intelligence feeds into SIEM and other security controls in order to get access to the most relevant and up-to-date threat data.
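
The sketch below is an added example, not code from Kaspersky Lab or any anti-fraud vendor. It models the fingerprint-history rule quoted earlier and shows why a replayed set of attributes is indistinguishable from the owner's device until a second factor is required. All attribute values, the country comparison and the function names are assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample: attribute names follow the article's list, values are invented.
VICTIM_DEVICE = {
    "gpu": "ExampleGPU 1000",
    "firmware": "1.2.3",
    "webrtc_ips": ["192.0.2.10"],
    "tcpip_signature": "example-stack-A",
    "cookies": ["shop_session=constructed"],
}

def fingerprint_id(attrs):
    """Collapse the collected attributes into one stable identifier."""
    canonical = json.dumps(attrs, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()

# Constructed history: fingerprints already seen, with their transaction record.
HISTORY = {
    fingerprint_id(VICTIM_DEVICE): {"legit_tx": 12, "fraud_tx": 0, "country": "GB"},
}

def fingerprint_only_decision(attrs, ip_country):
    """Quoted rule: trust a mask with clean history, or a first-time unique one."""
    record = HISTORY.get(fingerprint_id(attrs))
    if record is None:
        return "allow"      # unique fingerprint, used for the first time
    if record["fraud_tx"] > 0 or ip_country != record["country"]:
        return "red_flag"   # bad history, or IP location does not match
    return "allow"          # seen before and history is legitimate

def decision_with_mfa(attrs, ip_country, second_factor_ok):
    """Same rule, plus a second factor the copied attributes cannot supply."""
    if fingerprint_only_decision(attrs, ip_country) == "red_flag":
        return "red_flag"
    return "allow" if second_factor_ok else "challenge"

# Constructed sessions: (attributes, IP country, second factor verified?)
SESSIONS = {
    "owner": (VICTIM_DEVICE, "GB", True),
    "replayed_mask_same_country": (dict(VICTIM_DEVICE), "GB", False),
    "replayed_mask_other_country": (dict(VICTIM_DEVICE), "US", False),
}

def evaluate(sessions):
    """Return (fingerprint-only verdict, verdict with MFA) for each session."""
    return {
        name: (fingerprint_only_decision(a, c), decision_with_mfa(a, c, mfa))
        for name, (a, c, mfa) in sessions.items()
    }
```

Because the fingerprint is derived only from attributes that can be copied, the replayed session hashes to the same identifier as the owner's; only the check that depends on something outside the mask changes the outcome.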
