The days of brute-forcing passwords to break into someone’s account are long gone. Today’s online criminals are much more sophisticated, but a change in Google’s Chrome browser has at least temporarily crippled one of the most prominent hacking marketplaces in the world. The Genesis Store has relied almost entirely on data stolen via the AZORult malware, but it no longer works in the recently released Chrome 80.
The Genesis Store has gained prominence because it doesn’t just sell stolen logins. This is one of several sites that offer hackers access to user “fingerprints” that include not only passwords but also IP addresses, browser cookies, user-agent strings, and more. This data allows a hacker to impersonate the target almost perfectly — online systems won’t detect these logins, as they will look like an ongoing, authorized session. Fingerprints like these can even get past two-factor authentication.
Naturally, hackers are willing to pay big bucks for fingerprints, and the Genesis Store even provides a browser extension to apply one’s purchased fingerprints. Since its launch in 2018, the Genesis Store has been adding hundreds of thousands of new fingerprints each month, and no one knew for sure where it got them until recently. Researchers from Kela security scraped the listings from the site, discovering that almost all the fingerprints came from the AZORult malware.
AZORult is a “trojan stealer” that can export data from infected PCs to a remote server. It was widely distributed in 2018 and 2019, and the Genesis Store appropriated it specifically to steal saved passwords from Chrome. The release of Chrome 80 upset the store’s plans, though. Chrome 80 changed to an AES-256 algorithm to encrypt passwords, and that breaks AZORult. That, in turn, has broken the Genesis Store. It’s like a matryoshka doll of internet malfeasance.
Last year, the Genesis Store got about 18,000 new fingerprints per day, but now that number is down to barely 600. The site’s catalog of fingerprints has dropped from 335,000 to about 200,000 in recent days. The original developer of AZORult has long since vanished into the depths of the internet, and no one has the source code. Despite the success of the malware, it’s now useless for stealing Chrome data with no way to update the code.
Unfortunately, this will probably not be the end of the Genesis Store. The latest data shows the site has been testing new malware strains to collect data. As always, your best bet is to keep your system up-to-date and avoid installing anything suspicious.