Genesis Botnet: The Market Claiming to Sell Bots That Bypass Fingerprinting ControlsApril 3, 2018
An emerging criminal market, Genesis store, provides more effective ways to impersonate a victim’s browser activity, focusing on individual bots rather than huge botnets, and monetizing them in a completely different way. Such an approach may allow criminals to utilize bots with higher efficiency, thus revealing new attack and fraud methods.
Figure 1: Adverts for the Genesis Store on a carding forum
Evolution of fingerprinting controls
Device fingerprinting collects information about a computer in order to identify an individual user. This is a pretty handy technique for retailers and banks who want to prevent fraudsters. Typically, anti-fraud solutions take known fraudulent activity and seek to block transactions that have a similar device fingerprint. This has become and cat-and-mouse affair, as criminals look to randomize their fingerprint with the help of various online services (many of which were covered in our report, Inside Online Carding Courses Designed for Cybercriminals ). In response, anti-fraud technologies take into account a broader set of characteristics.
Criminals, therefore, look to the machines of their victims in order to evade detection. However, obtaining this array of information is challenging. That’s where Genesis comes in. Genesis Store seeks to provide a single solution to emulate this approach, providing access to victims device footprints, accounts, and personal information. The store – registered in November 2017 and still in beta mode – claims to be the result of research conducted across the antifraud technologies used by 283 major banks and payments systems.
Access to a wide range of data
In order to emulate the legitimate users, Genesis provides customers with a wide range of information such as fingerprints, cookies, logs, saved passwords, and personal information.
This information is acquired from web injects, form grabbers and passwords saved in browsers. As these sources get more detailed or updated data, that data is automatically pushed into the store and made available to users. While this means that not all information is verified, it provides a more scalable business model for the administrators.
Figure 2: A screenshot of the Genesis Store
For less than fifty dollars, users can buy a bot on the Genesis site, which includes the fingerprint, accounts, and cookies (unsurprisingly, the store does not use or sell any products connected with the Russian Commonwealth). For free you also get the Genesis Application, a browser plugin.
The plug-in claims to work with any operating system on Chrome-like browsers (Chrome, Iron, Iridium and others) and provides a seamless way to access the user fingerprint. The plug-in automatically updates and offers additional information on cookies and login data, as well as holder details, security answers, and card details.
Figure 3: The Genesis Security plugin
Innovative monetization techniques
Instead of focusing on selling large quantities of bots in bulk, Genesis focuses on the individual quality of each bot. The actors behind the botnet also have a very clear idea of how to monetize this. For example, their configurations must be used with their own plugin, and will not work without doing so. This is a similar business model to buying games for a Nintendo – you need to buy their own cartridges.
What to look out for
The site makes big claims about its capabilities and it will live and die by how it matches up to these promises. As with all new marketplaces, its success will also depend on user adoption, quality of goods, site security and user experience. Nevertheless, Genesis is still in beta mode yet appears to have picked up a good amount of interest since it was registered in November 2017. There are over 1500 bots available to buy and, at the time of analysis, eight bots had been purchased in the last 20 minutes.
As the site develops and grows out of beta mode and the claimed capabilities are realised, the shift to using more individual bots could have an impact on organization’s ability to combat fraud.
To keep up with our latest in threat intelligence, subscribe here.