Post Syndicated from Payal Dhar original https://spectrum.ieee.org/tech-talk/telecom/security/digital-doppelgngers-fool-advanced-antifraud-tech
With traces of a user’s browsing history and online behavior, hackers can build a fake virtual “twin” and use it to log in to a victim’s accounts
As new security technologies shield us from cybercrime, a slew of adversarial technologies match them, step for step. The latest such advance is the rise of digital doppelgängers—virtual entities that mimic real user behaviors authentic enough to fool advanced anti-fraud algorithms.
In February, Kaspersky Lab’s fraud-detection teams busted a darknet marketplace called Genesis that was selling digital identities starting from US $5 and going up to US $200. The price depended on the value of the purchased profile—for example, a digital mask that included a full user profile with bank login information would cost more than just a browser fingerprint.
The masks purchased at Genesis could be used through a browser and proxy connection to mimic a real user’s activity. Coupled with stolen (legitimate) user accounts, the attacker was then free to make new, trusted transactions in their name—including with credit cards.
Kaspersky security researchers described how hackers used software updates to push malware onto victims’ computers
When security researchers at Kaspersky Lab disclosed Operation ShadowHammer in March, they described how attackers tampered with software updates from PC-maker ASUSTeK Computer to install malware on victims’ computers. Now, new details revealed last week indicate the operation was even more insidious—it sabotaged developer tools, an approach that could spread malware much faster and more discreetly than conventional methods.
In ShadowHammer, a sophisticated group of attackers modified an old version of the ASUS Live Update Utility software and pushed out the tampered copy to ASUS computers around the world, said Kaspersky Lab. The Live Update Utility, which comes preinstalled in most new ASUS computers, automatically updates the set of firmware instructions that control the computer’s input and output operations, hardware drivers, and applications. The modified tool, signed with legitimate ASUSTeK certificates and stored on official servers, looked like the real thing. But once it was planted, it gave the attackers the ability to control the computer through a remote server and install additional malware.
ShadowHammer is an “example of how sophisticated and dangerous a smart supply chain attack can be,” said Vitaly Kamluk, Kaspersky’s director of the global research and analysis team.