FBI seizes notorious Genesis Market in Operation Cookie Monster

The domains of Genesis Market, one of the most popular marketplaces for stolen credentials of all types, were seized by law enforcement earlier this week as part of Operation Cookie Monster.

The action is a blow to the cybercriminal world as Genesis was one of the major players offering both consumer and enterprise account identities.

Looking for the administrators

While authorities have yet to issue any press releases about the takedown, visiting Genesis Market domains shows a banner stating that the FBI has executed a seizure warrant.

It appears that the market administrators have not been arrested or identified, as the FBI is interested in anyone who has been in contact with them. Whoever is behind Genesis Market has kept a low profile all these years, indicating good knowledge of operational security.

Figure: FBI seizes domains from Genesis Market (source: BleepingComputer)

The FBI says the action was possible with the support of multiple organizations in the public and private sectors.

“These seizures were possible through international law enforcement and private sector coordination,” reads the seizure banner, which lists nearly two dozen partners.

Alexander Martin of The Record writes that the dismantling of Genesis Market resulted in a large number of arrests around the world.

Genesis, the digital identity market

Genesis Market launched in alpha stage in late 2017, and in 2020 it became the most popular online store for account credentials for various services, device fingerprints and cookies.

Market operators used information-stealing malware to collect credentials as well as fingerprinting data (e.g. cookies, IP addresses, time zones, device information) that would allow impersonating the legitimate owner when accessing the service.

Their profits came from renting account identities through bots that included stolen accounts with fingerprint data that gave the impression that the access was legitimate.

To make it easier for customers, Genesis Market operators provided browser plug-ins capable of importing login data and fingerprints from a compromised account, automatically assuming the digital identity of the real owner.
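Because an imported fingerprint matches the victim's, a fingerprint comparison alone passes; the sketch below is an added defensive example (not from the article or any vendor) that instead flags a session cookie used from two source IPs within a short window. It assumes the service logs a session cookie, source IP and fingerprint hash per request; the field layout, the 10-minute window and all sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, session_cookie, source_ip, fingerprint_hash)
EVENTS = [
    ("2023-04-01T09:00:00", "sess-A", "198.51.100.10", "fp-1111"),
    ("2023-04-01T09:05:00", "sess-A", "198.51.100.10", "fp-1111"),
    ("2023-04-01T09:07:00", "sess-A", "203.0.113.77", "fp-1111"),  # same cookie and fingerprint, new IP
    ("2023-04-01T09:08:00", "sess-A", "198.51.100.10", "fp-1111"),  # original client still active
    ("2023-04-01T10:00:00", "sess-B", "192.0.2.5", "fp-2222"),
    ("2023-04-01T18:00:00", "sess-B", "192.0.2.99", "fp-2222"),    # IP change hours later
    ("2023-04-01T11:00:00", "sess-C", "192.0.2.40", "fp-3333"),
    ("2023-04-01T11:02:00", "sess-C", "203.0.113.9", "fp-4444"),   # fingerprint changed as well
]

WINDOW = timedelta(minutes=10)  # assumed threshold; tune to your user base


def find_replayed_sessions(events, window=WINDOW):
    """Return {session_cookie: reason} for sessions seen from two IPs within `window`.

    "cloned-fingerprint"   -> IP changed but the fingerprint is identical, the case
                              a fingerprint-only check would wave through.
    "fingerprint-mismatch" -> IP and fingerprint both changed.
    """
    by_session = defaultdict(list)
    for ts, sid, ip, fp in events:
        by_session[sid].append((datetime.fromisoformat(ts), ip, fp))

    findings = {}
    for sid, rows in by_session.items():
        rows.sort()  # chronological order per session
        # Compare each request with the next one on the same session cookie.
        for (t1, ip1, fp1), (t2, ip2, fp2) in zip(rows, rows[1:]):
            if ip1 != ip2 and t2 - t1 <= window:
                findings[sid] = (
                    "cloned-fingerprint" if fp1 == fp2 else "fingerprint-mismatch"
                )
                break
    return findings


if __name__ == "__main__":
    for sid, reason in find_replayed_sessions(EVENTS).items():
        print(sid, reason)
```

Legitimate network changes (mobile handover, VPN toggling) also trip this rule, so treat a hit as a trigger for re-authentication rather than proof of compromise.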

Depending on the type of account, buyers could pay less than $10 to access an account for a given period.

Genesis Market provided access to a large list of services with user accounts from all over the world. Among them were Gmail, Facebook, Netflix, Spotify, WordPress, PayPal, Reddit, Amazon, LinkedIn, Cloudflare, Twitter, Zoom and eBay.

The FBI did not respond to a request for comment when contacted by BleepingComputer earlier in the day.

