Genesis Marketplace Selling Ready-Made Digital Identities Discovered
At the Security Analyst Summit 2019, researchers from Kaspersky Lab reported the discovery of an unusual online marketplace called Genesis. Unlike typical platforms that sell stolen personal data, Genesis offers over 60,000 ready-made digital identities—comprehensive profiles containing users’ online behavior, browsing history, operating system details, browser information, installed plugins, and more.
What Is Genesis and How Does It Work?
Genesis launched in 2018 and quickly gained popularity on carding forums as a convenient and valuable tool for cybercriminals. Each digital fingerprint package for sale includes login credentials for various accounts (such as payment services, social media profiles, and file-sharing services), cookies, user-agent details, WebGL signatures, and other information about the victim’s browser and computer—often more than 100 different parameters. These data sets are sold for prices ranging from $5 to $200.
How Is the Data Collected?
Genesis administrators gather this information using a variety of malware. Not every malicious program immediately encrypts data for ransom or steals money; some simply collect personal data. Victims can have their information stolen by something as simple as installing a malicious browser extension. The operators of Genesis then sell this data to other cybercriminals, who use it for fraudulent activities such as identity theft, money mule operations, and more. These data sets can also be used to steal money, personal photos, or confidential documents, or to impersonate someone in large-scale operations—especially if the victim is, for example, a government employee.
Tools for Cybercriminals
To make things even easier for buyers, Genesis creators developed a special Chrome extension called Genesis Security. This extension allows criminals to use a purchased digital “mask” to recreate the virtual identity of the real owner, helping them bypass security systems.
Why Is Genesis So Effective?
Researchers explain that anti-fraud systems have become much smarter in recent years, capable of detecting suspicious account activity by analyzing even the smallest details. The digital identities sold on Genesis allow criminals to convincingly imitate the real account owner, helping them bypass protections used by payment systems and banks.
If a security system detects a “mask” that matches the one previously used by the legitimate user, the transaction is much more likely to be approved. In many cases, banks won’t even send a security code via SMS or push notification to confirm the transaction. According to Genesis’s own advertising, its operators have studied 47 analytics systems used by 283 of the world’s largest banks and payment systems to ensure their products are effective.
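The decision logic described above, as an added sketch that is not taken from Kaspersky's research or from any real anti-fraud product: a policy that skips confirmation whenever the client-reported "mask" matches, next to one that treats the match as necessary but not sufficient. The field names, the server-observed network signal, the 500 step-up threshold and the sample sessions are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    fingerprint: str    # hash of browser-reported attributes (user agent, WebGL, plugins, ...)
    cookie_valid: bool  # session cookie accepted by the server
    network: str        # network label observed server-side (assumed signal, e.g. an ASN)
    amount: float       # transaction value

@dataclass(frozen=True)
class Profile:
    fingerprints: frozenset  # masks previously seen for this account
    networks: frozenset      # networks previously seen for this account

def weak_policy(s: Session, p: Profile) -> str:
    """A matching mask alone suppresses the SMS/push confirmation."""
    if s.cookie_valid and s.fingerprint in p.fingerprints:
        return "approve"
    return "challenge"

def hardened_policy(s: Session, p: Profile, step_up_amount: float = 500.0) -> str:
    """Browser-reported data can raise risk but never lowers it by itself."""
    known_device = s.cookie_valid and s.fingerprint in p.fingerprints
    if not known_device:
        return "challenge"
    # Everything in the mask can be copied, so also require a signal the
    # browser does not report, and always confirm high-value transactions.
    if s.network not in p.networks or s.amount >= step_up_amount:
        return "challenge"
    return "approve"

# Constructed sample data (not real observations).
PROFILE = Profile(frozenset({"fp-a1"}), frozenset({"AS-HOME"}))
SESSIONS = {
    "owner, usual network":      Session("fp-a1", True, "AS-HOME", 40.0),
    "owner, large transfer":     Session("fp-a1", True, "AS-HOME", 900.0),
    "copied mask, new network":  Session("fp-a1", True, "AS-OTHER", 40.0),
    "unknown device":            Session("fp-zz", False, "AS-HOME", 40.0),
}

def compare() -> dict:
    """Return {case: (weak decision, hardened decision)} for the samples."""
    return {name: (weak_policy(s, PROFILE), hardened_policy(s, PROFILE))
            for name, s in SESSIONS.items()}

if __name__ == "__main__":
    for name, (weak, hard) in compare().items():
        print(f"{name:26} weak={weak:10} hardened={hard}")
```

The third case is the one the article describes: the weak policy approves it without any confirmation, while the hardened policy falls back to a challenge.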
Conclusion
The emergence of marketplaces like Genesis highlights the growing sophistication of cybercrime and the need for users to be vigilant about their online security. Even something as simple as a browser extension can put your digital identity at risk.