You are here: Home » News-ANI » Business
Business Standard

Digital doppelgangers being used to bypass anti-fraud measures: Kaspersky Lab


Global cybersecurity company has published results of an investigation into Genesis, an that is trading over 60,000 stolen and legitimate digital identities and making successful that much easier to conduct.

This marketplace as well as other involve abusing the machine-learning based anti-approach of digital masks -- a unique, trusted customer profile based on known device and behaviour characteristics.

Every time we enter our financial, payment and personal information in an online transaction, advanced, analytic, anti-solutions match us against something called a digital mask.

These masks are unique to each user and combine the fingerprints of devices and browsers commonly used to make payments and -- like screen and OS information, a range of browser data like headers, time zone, installed plugins, window size etc) with advanced analytics and (the individual user's cookies, online and computer behaviour.

That way, the financial organisations' anti-fraud teams can determine whether it is truly us entering our credentials, or a malicious carder trying to buy goods using a stolen card, and either approve or deny the transaction, or send it on for further analysis.

However, the digital mask can be copied or created from scratch. Kaspersky Lab's investigation has found that cybercriminals are actively using such digital doppelgangers to bypass advanced anti-fraud measures.

In February 2019, research uncovered the Genesis Darknet marketplace -- an selling stolen digital masks and user accounts at prices ranging from 5 to 200 dollars each.

Its customers simply buy previously stolen digital masks together with stolen logins and passwords to and payment services, and then launch them through a browser and proxy connection to mimic real user activity.

If they have the legitimate user's account credentials, the attacker can then access their or make new, trusted transactions in their name.

"We see a clear trend of carding fraud increasing around the world," said Sergey Lozhkin, a at "While the industry invests heavily in anti-fraud measures, digital doppelgangers are hard to catch," he said.

An alternative way to prevent the spread of this malicious activity is to shut down the fraudsters' infrastructure. That is why we urge law enforcement agencies across the world to pay extra attention to this issue and join the fight."

Other tools enable attackers to create from scratch their own unique digital masks that will not trigger

Kaspersky Lab researchers have investigated one such tool, a special Tenebris browser with an embedded configuration generator to develop unique fingerprints. Once created, the carder can simply launch the mask through a browser and proxy connection and conduct any


(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

First Published: Mon, April 15 2019. 14:18 IST