Chrome 80 update cripples top cybercrime marketplace
Chrome 80 update cripples top cybercrime marketplace
90% of all stolen credentials on the Genesis Store came from the AZORult malware. Now, the malware doesn't work in Chrome 80.
Posted: 26 Feb 2020
A small change in the Google Chrome 80 browser has had a devastating effect on one of today's top cybercrime marketplaces.
According to new research shared with ZDNet this week by threat intelligence firm KELA, the Genesis Store is currently going through a rough patch, seeing a 35% drop in the number of hacked credentials sold on the site.
KELA says Genesis administrators are currently scrambling to fix their inventory deficit and feed the store with new credentials before customers notice a drop in new and fresh listings.
One could say that if they don't address the issues caused by the new Chrome 80 update, the store's entire future hangs in the balance.
Computer Type: PC/Desktop System Manufacturer/Model Number: Golden Mk. I.4 OS: Windows 10 Pro x64 CPU: Intel Core i7 860 @ 2.4 GHz Motherboard: Gigabyte P55A-UD3R Rev.1. Award BIOS F13 Memory: 16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24) Graphics Card: EVGA NVidia GTX 560 1024MB Sound Card: Realtek Integrated Monitor(s) Displays: Dual Samsung SyncMaster 2494HS Screen Resolution: 1920 x 1080 Keyboard: Logitech G110 Mouse: Logitech MX518 PSU: Thermaltake ToughPower QFan 750W Case: Thermaltake Element S VK60001W2Z Cooling: Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans Hard Drives: 1*Samsung 840 EVO 120GB SSD;
1*Samsung 850 EVO 120GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0 Internet Speed: 50Mb Up ; 20Mb down Browser: Chrome Antivirus: Windows Defender + malwarebyes
Computer Type: Laptop System Manufacturer/Model Number: MacBook Air OS: Windows 10 Pro Build 1909 Build 18363.657 (BootCamp) Browser: Chrome + FireFox Antivirus: Microsoft Defender
Computer Type: PC/Desktop System Manufacturer/Model Number: Golden Mk. I.4 OS: Windows 10 Pro x64 CPU: Intel Core i7 860 @ 2.4 GHz Motherboard: Gigabyte P55A-UD3R Rev.1. Award BIOS F13 Memory: 16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24) Graphics Card: EVGA NVidia GTX 560 1024MB Sound Card: Realtek Integrated Monitor(s) Displays: Dual Samsung SyncMaster 2494HS Screen Resolution: 1920 x 1080 Keyboard: Logitech G110 Mouse: Logitech MX518 PSU: Thermaltake ToughPower QFan 750W Case: Thermaltake Element S VK60001W2Z Cooling: Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans Hard Drives: 1*Samsung 840 EVO 120GB SSD;
1*Samsung 850 EVO 120GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0 Internet Speed: 50Mb Up ; 20Mb down Browser: Chrome Antivirus: Windows Defender + malwarebyes
Computer Type: Laptop System Manufacturer/Model Number: MacBook Air OS: Windows 10 Pro Build 1909 Build 18363.657 (BootCamp) Browser: Chrome + FireFox Antivirus: Microsoft Defender
This will be only a temporary complication. People should never ever store passwords in the browser.
Golden said:
Agree - always use a decent password manager for those.
Any reason for that? While password managers are usually more secure, I don't see much danger in using the browser. I always found firefox and chrome's password managers to be pretty secure. This site seems to steal them from browsers that are on systems with no password or an infected pc. So long as the device itself is secured. The system password is required to view them. Almost all sites that allow saved passwords to be used also require manual entry when trying to change anything in their account settings. So even if someone using your saved password to log into one of your sites, when they go to account settings there isn't much they can do when its requested again. Unless they start really trying to crack it, in which case if you're this targeted no security will save you anyway.
You can also provide your own master password to use instead of the default 256 bit google credentials encryption that the browser uses. I recommend that option more.
Any reason for that? While password managers are usually more secure, I don't see much danger in using the browser. I always found firefox and chrome's password managers to be pretty secure.
There are so many browser vulnerabilities abusing the inbuilt password managers, that people do not even bother reporting them anymore, they just get fixed on the go. Password managers with auto-fill enabled can be also exploited, but they are usually more secured and typically require user's interaction.
There are so many browser vulnerabilities abusing the inbuilt password managers, that people do not even bother reporting them anymore, they just get fixed on the go. Password managers with auto-fill enabled can be also exploited, but they are usually more secured and typically require user's interaction.
I use offline Keepass for important passwords and online Bitwarden for the rest.
hmm, i wonder if this is why google moved the browser autofill to gboard instead of within the browser on android. Recent change I noticed. And yes browser extensions could definitely cause issues. Makes sense.
I don't save any important passwords, I just remember them. All the ones I save are forums and convenience stuff that wouldn't matter if it was compromised.
Getting people to use a password manager has proven difficult for me, so I just have them use chrome's password manager with two factor enabled on their google account and hope it's enough. At least chrome is pretty fast at resolving vulnerabilities.
Source: Venture into the digital worlds of Minecraft Marketplace’s free educational content | Windows Experience Blog
1242511632250605570
1242447667638276098
so I'm having this really annoying problem with my laptop + desktop with Facebook market place, is that when I click on an item I'm interested in, a window is supposed to pop open and I can see the description and bigger photo's, but now only the...