
A coordinated international law enforcement effort has taken down the Genesis Market, an illegal online marketplace dedicated to selling stolen credentials related to emails, bank accounts and social media platforms.
The seizure of infrastructure was accompanied by a massive crackdown involving authorities in 17 countries, resulting in 119 arrests and 208 property searches in 13 countries. However, the market’s .onion mirror still appears to be working.
The “unprecedented” law enforcement exercise is codenamed Operation Cookie Monster.
Since its launch in March 2018, the Genesis Market has evolved into a major hub for criminal activity, providing access to data stolen from over 1.5 million compromised computers worldwide, with a total of 80 million victims. The market offered more than credentials.
According to data collected by Trellix, the majority of infections associated with Genesis Market-related malware have been detected in the United States, Mexico, Germany, Turkey, Sweden, Italy, France, Spain, Poland, Ukraine, Saudi Arabia, India, Pakistan, and Indonesia, among others.
Prominent malware families distributed through the service to compromise victims include AZORult, Raccoon, RedLine, and DanaBot. All of these can steal sensitive information from the user’s system. Also delivered via DanaBot is a rogue Chrome extension designed to siphon browser data.
“Account access credentials sold on the Genesis Market included those associated with the financial sector, critical infrastructure, and federal, state, and local government agencies,” the U.S. Department of Justice (DoJ) said in a statement.
The DoJ calls Genesis Market one of the “most prolific Initial Access Brokers (IABs) in the cybercrime world.”
In addition to credentials, Genesis also pitched device fingerprints (which include unique identifiers and browser cookies) to allow attackers to evade anti-fraud detection systems used by many websites.
“The combination of stolen access credentials, fingerprints, and cookies allows the purchaser to trick third-party websites into thinking that the Genesis Market user is the actual owner of the account, thus revealing the identity of the victim. We were able to infer that,” added the DoJ.
According to court documents, the U.S. Federal Bureau of Investigation (FBI) accessed Genesis Market’s back-end servers twice, in December 2020 and May 2022, and obtained information about approximately 59,000 users of the cybercrime bazaar.
According to Europol and Eurojust, packages of stolen information collected from infected computers (aka “bots”) sold for between $0.70 and hundreds of dollars, depending on the nature of the data.

Europol notes that “the most expensive ones contain financial information that allows access to online banking accounts,” and that criminals who buy the data can use it without attention. It also provided additional tools for
“Purchasers were provided with custom browsers that mimicked those of victims, allowing criminals to access victim accounts without triggering security measures from the platform on which the accounts reside.”
The market’s own Chromium-based browser, called Genesium Browser, is cross-platform, with its maintainers claiming features like “anonymous surfing” and other advanced features that allow users to bypass anti-fraud systems.
Unlike Hydra and other illicit marketplaces, Genesis Market is also accessible via the clearnet, lowering the barrier to entry for less-skilled threat actors looking to obtain digital identities to compromise personal accounts and corporate systems.
The removal is expected to have “ripple effects across the underground economy” as threat actors look for alternatives to fill the void left by the Genesis Market.
Genesis Market is the latest in a long line of illegal services taken down by law enforcement. It also arrives exactly one year after the demolition of Hydra, which was taken down by law enforcement in April 2022, resulting in a “dramatic change in the landscape of the Russian-language darknet market.”
“Almost a year after Hydra’s demise, five markets — Mega, Blacksprut, Solaris, Kraken and OMG!OMG! Markets — have emerged as the biggest players based on offer volume and number of sellers,” Flashpoint said in a new report.
This development also follows the launch of a new dark web marketplace known as STYX, primarily aimed at financial fraud, money laundering and identity theft. It is said to have opened around January 19, 2023.
“Examples of specific services sold on STYX include cashout services, data dumps, SIM cards, DDOS, 2FA/SMS bypass, forged and stolen identity documents, banking malware, and more,” Resecurity said in a detailed article.
Similar to Genesis Market, STYX also offers utilities designed to bypass anti-fraud solutions and access compromised accounts. These utilities use detailed digital identifiers such as stolen cookie files, physical device data, and network settings to impersonate legitimate customer logins.
The emergence of STYX as a new platform in the commercial cybercrime ecosystem is another sign that the market for rogue services remains a lucrative business, allowing malicious actors to profit from stolen credentials and payment data.
“The majority of STYX marketplace vendors specialize in fraud and money laundering services targeted at popular digital banking platforms, online marketplaces, e-commerce and other payment applications,” said Resecurity. “The regions targeted by these attackers are global, spanning the US, EU, UK, Canada, Australia, and multiple countries in APAC and the Middle East.”