Operation Cookie Monster: Feds seize “notorious hacker marketplace”

Screenshot: domain seizure message on genesis.market.

A “notorious hacker marketplace” that sold access to infected devices and stolen account credentials has been shut down by international law enforcement agencies, the US Department of Justice and Europol announced today. The operation targeting Genesis Market involved 17 countries, seized the platform’s infrastructure, and resulted in “119 arrests, 208 property searches, and 97 knock-and-talk actions,” Europol said.

The now-shutdown Genesis Market “advertised and sold packages of account access credentials, including email, bank account and social media usernames and passwords, stolen from malware-infected computers around the world,” the Justice Department said. The so-called “Operation Cookie Monster” seized 11 domain names pursuant to a warrant granted by the United States District Court for the Eastern District of Wisconsin.

Genesis Market’s public website has been taken down, but its .onion domain was still accessible on the dark web using Tor today. Law enforcement appears to be looking for at least some of the people behind the platform, as domain seizure messages seek tips from those who have been in contact with Genesis Market administrators. , said Genesis Market is “believed to be in Russia.”

Europol said: hacker. ”

Genesis Market reportedly had about 59,000 registered users. According to Europol, the market’s “primary criminal product was digital identities” or “what market owners called ‘bots’ that infected victims’ devices with malware or account takeovers.”

Operation Cookie Monster was led by the FBI and the Dutch National Police, with the cooperation of Europol.

“Custom browser” that mimics the victim’s device

Genesis Market emerged in March 2018 and since then has “provided access to data containing over 80 million account access credentials stolen from over 1.5 million compromised computers worldwide,” the Department of Justice said.

Purchasing a bot from Genesis Market “gives criminals access to all data collected by the bot, including fingerprints, cookies, saved logins and form auto-fill data,” Europol said. The cheapest bots sold for less than a dollar, while others fetched hundreds of dollars and provided access to online banking accounts.

Europol said Genesis Market shoppers were “provided with a custom browser that mimics the victim’s account,” allowing them to “access the victim’s account without triggering security measures from the platform on which the account resides.” These security measures check for a different login location, a different browser fingerprint, or a different operating system.

Brian Krebs reports that Genesis offers “a custom web browser plug-in that can load a Genesis bot profile,” allowing the browser to mimic almost every significant aspect of the victim’s device, from screen size and refresh rate to the unique user agent string associated with the victim’s web browser.
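The following is an added example, not code from the article, Europol or Krebs: a minimal server-side check of the three signals Europol lists, run over constructed clients. It shows that a request reproducing the enrolled device's attributes raises no flag, so these signals cannot be the only control protecting a session. The `Client` fields, function names and all sample values are assumptions.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Client:
    """What a server observes on one request (all values constructed)."""
    country: str       # coarse login location
    os: str            # operating system
    screen: str        # screen size
    refresh_hz: int    # refresh rate
    user_agent: str    # user agent string


def fingerprint(c: Client) -> str:
    """Browser fingerprint: a hash over client-reported attributes only."""
    raw = f"{c.screen}|{c.refresh_hz}|{c.user_agent}"
    return hashlib.sha256(raw.encode()).hexdigest()[:16]


def mismatches(enrolled: Client, seen: Client) -> list[str]:
    """Return which of the three signals differ from the enrolled device."""
    flags = []
    if seen.country != enrolled.country:
        flags.append("login_location")
    if fingerprint(seen) != fingerprint(enrolled):
        flags.append("browser_fingerprint")
    if seen.os != enrolled.os:
        flags.append("operating_system")
    return flags


OWNER = Client("NL", "Windows 10", "1920x1080", 60,
               "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ExampleBrowser/1.0")
UNRELATED = Client("BR", "Linux", "1366x768", 75,
                   "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0")
# A request whose attributes all equal the owner's, as the article says a
# loaded profile achieves. The matching country is an assumption of this case.
MIMIC = Client(OWNER.country, OWNER.os, OWNER.screen,
               OWNER.refresh_hz, OWNER.user_agent)


def demo() -> dict[str, list[str]]:
    """Evaluate each constructed client against the enrolled owner."""
    return {name: mismatches(OWNER, c)
            for name, c in (("owner", OWNER), ("unrelated", UNRELATED),
                            ("mimic", MIMIC))}


if __name__ == "__main__":
    for name, flags in demo().items():
        print(f"{name:10s} {flags or 'no flags'}")
```

Because every input to the check is reported by the client, the mimicking request is indistinguishable from the owner's here; controls that do not depend on those values, such as re-authentication for sensitive actions, are what remain.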

DOJ says it accessed the Genesis Market user database. “The database contains a history of all user purchases and activities, which the federal government said helped reveal the true identity of many users,” Krebs wrote.

3 big takedowns in the past year

The removal of Genesis Market follows similar actions against Hydra Market in April 2022 and BreachForums in March 2023. The DOJ claims that these three operations over the last year have “dismantled the darknet’s largest marketplace.”

The Justice Department said victims’ credentials obtained during Operation Cookie Monster were provided to HaveIBeenPwned.com to help people determine whether their credentials were involved.

The Treasury Department’s Office of Foreign Assets Control (OFAC) said it has designated Genesis Market. This means that “all property and interests in any entity located in the United States or owned or controlled by a United States person must be blocked and reported to OFAC.” Further, anyone who engages in certain transactions with the entity named today may themselves be exposed to sanctions.
