The Upsurge of Digital Fingerprints in Underground Marketplaces


October 1, 2020
Green Alert
Last Update posted on
February 3, 2024

Digital fingerprints are unique slices of information related to software and hardware components of each device, in addition to the user’s distinguishable characteristics. Device fingerprinting gathers information about a computer to identify an individual user, regarding it as a digital asset.

A device’s fingerprints include its:

  • IP address (external and local),
  • Screen information (screen resolution, window size),
  • Firmware version,
  • Operating system version,
  • Browser plugins installed,
  • Timezone,
  • Device ID,
  • Battery information,
  • Audio system fingerprint,
  • GPU info,
  • WebRTC IPs,
  • TCP/IP fingerprint,
  • Passive SSL/TLS analysis,
  • Cookies, and many more.

Digital fingerprints also cover attributes of individual users, such as their social network accounts (third-party cookie tracking) and various aspects of their behavior:

  • Time spent on e-commerce websites
  • Website click locations
  • Items of interest, the typical amount of money spent on such items, virtual or real merchandise, etc.
  • Mouse/touchscreen behavior
  • System configuration changes

 

Underground marketplaces tout digital identities

SIRIUS Shop is a private online cybercriminal marketplace that trades stolen digital fingerprints. This new Russian underground marketplace, SIRIUS Shop Online, sells tens of thousands of compromised digital fingerprints, enabling threat actors to commit online fraud. At the moment it offers more than 20k stolen profiles. These profiles include browser fingerprints, website user logins and passwords, cookies, and credit card information. The price of a profile varies from $1 to $27, depending largely on the value of the information in it. SIRIUS has been active since June 2020 and also helps sellers set up their own shops on the market. Its operators advertise the availability of these digital fingerprints on one of their underground carding forums.

SIRIUS Shop sells:

  • Credit card details
  • Dumps
  • SSN
  • Scan ID, DL
  • Logs bot full dump
  • SHELL
  • CRM Panel
  • CMS Panel
  • Emails and password databases

 

Figure: SIRIUS Home page

 

Bot Profile Dumps

The operators of SIRIUS Shop deliver malware that steals digital fingerprints from user devices, along with other information such as account credentials and browser cookies for online payment portals, stores and even bank accounts. Such digital assets are then sold on the underground forum.

Users who have been infected with malware in the past or have installed rogue browser extensions have unknowingly had their account passwords and full browser details recorded and sent to the SIRIUS operators. In some cases the operators also acquire information via web injects, form grabbers, and passwords saved in browsers. They scour for more of such data and for updates related to it, which are then pushed to their online underground store.

Each user profile includes login credentials for the user's accounts on online payment portals, e-banking services, file-sharing, or social networking services. It also comprises the cookies associated with those accounts, browser user-agent details, WebGL signatures, HTML5 canvas fingerprints, and other browser and PC details.

The user profiles are then imported into the SIRIUS Shop, where they are indexed; cybercriminals can then run a simple search by parameter to find the types of profiles they are interested in.

 

Figure: SIRIUS Store page

SIRIUS Store has a configurable search panel that allows threat actors to track down specific user fingerprints. One can search by the website the credentials belong to, the victim’s country, the operating system, and the date the profile first appeared on the market.

 

Figure: SIRIUS Search Panel

These logs provide leeway to threat actors and make credit-card fraud easier. The marketplace sells digital identities along with stolen credentials for online shops and payment services that were exposed previously. Anyone who gets hold of such digital assets can launch them through a browser and proxy connection to masquerade as a real user and commit fraud undetected. By doing so, the attacker can access the victim’s online accounts or make new, trusted transactions in their name. The victim’s social media accounts are also susceptible.
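
The replay described above can be caught on the server side because a cloned profile reproduces the browser-layer attributes but still arrives over the attacker's own network path. The following is an added example, not code from the original post or from CloudSEK; the field names, weights, threshold and sample contexts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RequestContext:
    session_id: str
    user_agent: str       # browser layer: copied along with a stolen profile
    canvas_hash: str      # browser layer: copied along with a stolen profile
    tls_fingerprint: str  # network layer: hash of the client's TLS handshake
    asn: int              # network layer: autonomous system of the source IP
    country: str          # network layer: geolocation of the source IP

# Assumed weights and threshold; tune them against your own traffic.
NETWORK_WEIGHTS = {"tls_fingerprint": 40, "country": 40, "asn": 20}
STEP_UP_THRESHOLD = 40

def browser_layer_matches(baseline, current):
    """The only check a fingerprint-matching system performs on its own."""
    return (baseline.user_agent, baseline.canvas_hash) == (
        current.user_agent, current.canvas_hash)

def replay_risk(baseline, current):
    """Score how far the network path drifted since the session was issued."""
    if baseline.session_id != current.session_id:
        raise ValueError("contexts belong to different sessions")
    changed = [f for f in NETWORK_WEIGHTS
               if getattr(baseline, f) != getattr(current, f)]
    return sum(NETWORK_WEIGHTS[f] for f in changed), changed

def decide(baseline, current):
    """Return 'step_up' (ask for a second factor) or 'allow'."""
    if not browser_layer_matches(baseline, current):
        return "step_up"  # same session cookie presented by a different browser
    score, _ = replay_risk(baseline, current)
    return "step_up" if score >= STEP_UP_THRESHOLD else "allow"

# Constructed sample contexts (documentation ASNs, made-up hashes).
LOGIN = RequestContext("s1", "Mozilla/5.0 (constructed)", "c4f1",
                       "tls-aaa", 64500, "IN")
ROAMING = RequestContext("s1", "Mozilla/5.0 (constructed)", "c4f1",
                         "tls-aaa", 64501, "IN")
CLONED = RequestContext("s1", "Mozilla/5.0 (constructed)", "c4f1",
                        "tls-bbb", 64510, "IN")

if __name__ == "__main__":
    for name, ctx in (("roaming", ROAMING), ("cloned", CLONED)):
        print(name, decide(LOGIN, ctx), replay_risk(LOGIN, ctx))
```

A `step_up` result maps to prompting for a second factor before the request is honored; a network-only change such as a different ASN stays below the threshold so ordinary roaming is not interrupted.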

 

Preventive Measures

For website owners

  • Install an SSL Certificate

Data is transferred constantly between the user’s browser and your web server. Without an SSL certificate, this data, cookies included, is sent in clear text, which allows a hacker to intercept it easily. Login credentials and other sensitive information in the data are thus left exposed.

SSL (Secure Sockets Layer) encrypts the data before it’s transferred, so even if a hacker manages to steal it, they won’t be able to read it. You can get an SSL certificate through your web hosting company or from an SSL provider. You can also get a basic free SSL certificate from Let’s Encrypt.

  • Install a Security Plugin

A security plugin’s firewall generally prevents attempts to hack your website and blocks malicious IP addresses. It also scans your site regularly and alerts you if hackers try to insert malicious code, in which case you can clean up your website right away. This helps you detect and remove such code before it can cause any harm.

  • Update Your Website

Update your website regularly, including the installation, themes, and plugins. Outdated software can create vulnerable spots on a website, which in turn attract hackers. Check for the latest updates from the vendor. These updates carry new features, address bugs in the website and also fix security flaws from time to time.
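
For the SSL certificate item above: a certificate protects cookies in transit only if the browser is also told never to send them over plain HTTP, which is what the Secure attribute of Set-Cookie does. The following added example (not part of the original post; the finding labels and sample headers are constructed) audits Set-Cookie header values for that and two related attributes.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, lower-cased attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookie(value):
    """Return (cookie name, list of weaknesses) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")      # browser may send it over plain HTTP
    if "httponly" not in attrs:
        findings.append("no-httponly")    # readable by scripts running in the page
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("weak-samesite")  # cross-site sending not restricted
    return name, findings

def audit_response(headers):
    """Audit every Set-Cookie value of one response; keep only the weak ones."""
    results = [audit_cookie(h) for h in headers]
    return [(name, findings) for name, findings in results if findings]

# Constructed Set-Cookie values, as a server might emit them.
SAMPLE_HEADERS = [
    "sid=abc123; Path=/",
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; SameSite=None; Secure",
]

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE_HEADERS):
        print(name, findings)
```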

 

For website visitors

  • Install an Effective Anti-virus

Ensure the device you’re using to access the internet has anti-malware software installed. It detects any malware found on malicious sites and alerts you to it. It also removes any malware that you might accidentally download or install on your system.

  • Never Click on Suspicious Links

Avoid clicking on suspicious links and be especially cautious of the ones that advertise attractive offers or discounts.

  • Avoid Storing Sensitive Data

For a quick and convenient check-out, users tend to store their payment details (such as credit card information) on shopping websites. Some even choose to save passwords in web browsers to log into websites automatically. But these convenient options come at a great cost. Never store sensitive data on websites or browsers.

  • Clear Cookies

Remember to clear cookies regularly to get rid of any sensitive information stored on browsers. 

 

Conclusion

Online marketplaces that trade databases and dumps are quite ubiquitous, and as authorities fail to keep up with such sites, more and more users have their identities stolen and sold on them. Since most victims fall prey to such malicious attempts due to their presence on the internet, website owners should take steps to ensure a safe and secure experience on their sites. Enabling extra layers of security, such as two-factor authentication, is one way of going about it. They can also consider an additional biometric authentication method.
