“Website has been seized” Genesis market held by FBI


A coordinated international law enforcement operation has dismantled Genesis Market, an illicit online marketplace that specialized in the sale of pilfered credentials associated with email, bank accounts, and social media platforms.

The crackdown, which involved authorities from 17 countries and coincided with the seizure of infrastructure, culminated in the apprehension of 119 suspects and the execution of 208 property searches in 13 nations. However, the .onion mirror of the market seems to still be operational.

The “unprecedented” law enforcement exercise has been given the code name Operation Cookie Monster.

Backdoors of Genesis market

Trellix says: “Genesis Market has been around since 2018 and is the largest underground marketplace that sells credentials, browser fingerprints, and browser cookies. Under the moniker GenesisStore, the Genesis team advertised on several (predominantly Russian speaking) underground forums.”

Most of the infections associated with Genesis Market-related malware have been identified in the U.S., Mexico, Germany, Turkey, Sweden, Italy, France, Spain, Poland, Ukraine, Saudi Arabia, India, Pakistan, and Indonesia, among other countries, according to data compiled by Trellix.

Several prominent malware families, including AZORult, Raccoon, RedLine, and DanaBot, were utilized to compromise victims, all of which are capable of extracting sensitive information from users’ systems.

Furthermore, a deceitful Chrome extension intended to drain browser data is distributed through DanaBot.

Dismantling the core

The DoJ has labeled Genesis Market as one of the “most prolific initial access brokers (IABs)” in the cybercrime industry, and the U.S. Treasury Department has sanctioned the criminal marketplace, describing it as a “key resource” for threat actors targeting U.S. government organizations.

Genesis Market sold stolen credentials together with device fingerprints, which are unique identifiers, and browser cookies. These helped cybercriminals evade anti-fraud detection systems used by many websites: with purchased access credentials, fingerprints, and cookies, buyers can assume the identity of the victim and trick third-party websites into thinking the user was the actual owner of the account.

Court documents have revealed that the FBI gained access to Genesis Market’s backend servers twice, in December 2020 and May 2022, allowing them to retrieve information about approximately 59,000 users of the marketplace.

“The stolen data packages from infected computers, also known as ‘bots,’ were sold for prices ranging from $0.70 to several hundred dollars, depending on the type of data,” according to Europol and Eurojust.

Emerging dark markets exposed

Another stealthy marketplace has been exposed with this seizure: a new dark web marketplace called STYX, focused on

  • financial fraud, 
  • money laundering, and 
  • identity theft.

The marketplace has reportedly been operational since January 19, 2023.

STYX offers a range of illegal services, including 

  • cash-out services, 
  • data dumps, 
  • SIM cards, 
  • DDoS attacks, 
  • 2FA/SMS bypass, 
  • fake and stolen ID documents, and 
  • banking malware. 

Similar to Genesis Market, STYX has tools designed to evade anti-fraud solutions and gain access to compromised accounts, using digital identifiers like stolen cookie files, device data, and network settings to spoof legitimate customer logins.
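When a cookie is stolen together with the fingerprint it was issued to, as described for Genesis Market and STYX above, a fingerprint match no longer proves the client is the account owner. The added example below (not code from the article or from any vendor) compares each use of a session cookie with the context in which it was issued; the event format, signal names and 600-second window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample events, not real data:
# (epoch_s, session_id, fingerprint, asn, country, kind).
# ASNs are taken from the documentation range 64496-64511 (RFC 5398).
EVENTS = [
    (0,    "s1", "fpA", 64500, "US", "login"),
    (300,  "s1", "fpA", 64500, "US", "request"),
    (600,  "s1", "fpA", 64511, "DE", "request"),  # same cookie and fingerprint, new network
    (700,  "s1", "fpA", 64500, "US", "request"),  # original client is still active
    (0,    "s2", "fpB", 64501, "FR", "login"),
    (4000, "s2", "fpB", 64502, "FR", "request"),  # carrier change inside one country
    (0,    "s3", "fpC", 64503, "SE", "login"),
    (50,   "s3", "fpD", 64503, "SE", "request"),  # fingerprint changed mid-session
]

INTERLEAVE_WINDOW_S = 600  # assumed threshold for an A -> B -> A network pattern


def find_replay_signals(events):
    """Return {session_id: set of signal names} for sessions that warrant step-up auth."""
    issued = {}                  # session -> (fingerprint, asn, country) seen at login
    history = defaultdict(list)  # session -> [(time, asn)] in arrival order
    signals = defaultdict(set)
    for ts, sid, fp, asn, country, kind in sorted(events):
        if kind == "login":
            issued[sid] = (fp, asn, country)
            history[sid].append((ts, asn))
            continue
        if sid not in issued:
            signals[sid].add("cookie_without_login")
            continue
        fp0, _asn0, country0 = issued[sid]
        if fp != fp0:
            # The conventional check: useless once the fingerprint is stolen too.
            signals[sid].add("fingerprint_mismatch")
        elif country != country0:
            # Fingerprint matches, yet the cookie is used far from where it was issued.
            signals[sid].add("network_shift_same_fingerprint")
        seen = history[sid]
        # One cookie alternating between two networks means two clients hold it.
        if (len(seen) >= 2 and seen[-1][1] != asn and seen[-2][1] == asn
                and ts - seen[-2][0] <= INTERLEAVE_WINDOW_S):
            signals[sid].add("interleaved_origins")
        seen.append((ts, asn))
    return dict(signals)
```

Each signal is a reason to require re-authentication rather than proof of compromise, and a replay routed through the victim's own network would not trigger the network-based ones.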

Resecurity notes that most of the vendors on STYX specialize in fraud and money laundering services targeting digital banking platforms, e-commerce, online marketplaces, and other payment applications globally, including the US, EU, UK, Canada, Australia, APAC, and the Middle East.

“The marketplace opened sometime around January 19, 2023, but earlier mentions of its launch were noted by Resecurity analysts on the Dark Web in early 2022. Back then, the actors behind STYX Marketplace were building out the platform’s built-in escrow module, which enables the brokering of transactions between buyers and sellers of illicit cybercriminal products and services.”

Conclusion: a warning of growing threats

The emergence of STYX is further evidence that the market for illegal services remains a profitable business for cybercriminals. The only way to stay secure is to stay informed about what’s happening and to be proactive in adopting cybersecurity solutions.

Take charge and plan to be safe, now!

Author: PureVPN

Date: April 10, 2023
