Friday, February 7, 2025

Authorities Seized Most Popular Marketplace for Stolen Credentials


Law enforcement agencies seized the domains for Genesis Market, one of the world’s biggest marketplaces for cyber fraud. Genesis has been connected to millions of financially driven cyber incidents worldwide, from fraud to ransomware attacks.

Genesis served as a one-stop shop for thieves, selling stolen credentials and the tools to weaponize that data.

The login pages of Genesis Market’s websites have been replaced with a splash page announcing the takedown, titled Operation Cookie Monster. The organization maintained websites on both the regular web and the dark web.

Genesis Market domains seized by the FBI

Accessing the Genesis Market domains reveals a banner stating that the FBI has executed a seizure warrant, even though authorities have not released press statements announcing the seizure.

Given that the FBI is seeking anyone who has been in contact with them, it appears that the marketplace’s administrators have not been identified. Keeping a low profile for so long suggests that whoever is behind the Genesis Market has a solid understanding of operational security.

“These seizures were possible because of international law enforcement and private sector coordination,” reads the seizure banner.

“For too long criminals have stolen credentials from innocent members of the public,” Robert Jones, director general of the National Economic Crime Centre at the NCA, said.

“We now want criminals to be afraid that we have their credentials, and they should be.”

Genesis Market – A One-Stop Shop for Login Data

Login information, IP addresses, and other information that served as the victims’ “digital fingerprints” were sold by Genesis Market.

The personal data, frequently sold for less than $1, allowed thieves to access bank and shopping accounts.

Reports say Genesis Market offered hackers access to “bots” or “browser fingerprints,” enabling them to impersonate victims’ online browsers. These fingerprints included IP addresses, session cookies, operating system details, and plugins.

The operators made money by renting out account identities through these bots, which combined stolen accounts with the fingerprint information that gave the access the appearance of being authorized.

Genesis Market operators made it simpler for clients by offering browser plug-ins that could import the login information and digital fingerprints of a hijacked account, immediately assuming the digital identity of the actual owner. Buyers could pay less than $10 for access to an account for a specified period, depending on the type of account.
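Because an imported fingerprint makes a replayed session cookie look like the victim's own browser, a fingerprint check alone will not catch it. The following added example (not from the original article or from any vendor) shows one server-side check a defender could run over session logs: flag a session cookie that is used from two IP addresses in an interleaved pattern while the fingerprint stays identical. The event layout, field names, and the 300-second window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events (not real data):
# (unix_time, session_id, client_ip, fingerprint)
# "fingerprint" stands in for a hash of user agent, OS details and plugins.
SAMPLE_EVENTS = [
    (1000, "sess-a", "198.51.100.10", "fp-1"),
    (1060, "sess-a", "198.51.100.10", "fp-1"),
    (1090, "sess-a", "203.0.113.77", "fp-1"),   # same cookie and fingerprint, new IP
    (1120, "sess-a", "198.51.100.10", "fp-1"),  # original client is still active
    (1000, "sess-b", "192.0.2.5", "fp-2"),
    (5000, "sess-b", "192.0.2.99", "fp-2"),     # single late IP change: likely roaming
    (1000, "sess-c", "192.0.2.8", "fp-3"),
    (1030, "sess-c", "203.0.113.9", "fp-9"),    # fingerprint differs: other checks apply
]


def find_interleaved_sessions(events, window=300):
    """Return {session_id: sorted IPs} for sessions whose cookie is presented
    in an A -> B -> A address pattern within `window` seconds while the
    fingerprint is unchanged, which suggests two clients sharing one cookie."""
    by_session = defaultdict(list)
    for ts, sid, ip, fp in events:
        by_session[sid].append((ts, ip, fp))

    flagged = {}
    for sid, rows in by_session.items():
        rows.sort()  # order each session's requests by time
        for i in range(len(rows) - 2):
            (t0, ip0, fp0), (_, ip1, fp1), (t2, ip2, fp2) = rows[i:i + 3]
            same_fingerprint = fp0 == fp1 == fp2
            interleaved = ip0 == ip2 and ip0 != ip1
            if same_fingerprint and interleaved and t2 - t0 <= window:
                flagged[sid] = sorted({ip0, ip1})
                break
    return flagged


if __name__ == "__main__":
    for sid, ips in find_interleaved_sessions(SAMPLE_EVENTS).items():
        print(f"{sid}: cookie shared between {', '.join(ips)}")
```

A hit is a reason to invalidate the session and require re-authentication, not proof of compromise on its own.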

Many services with global user accounts were accessible through Genesis Market. Gmail, Facebook, Netflix, Spotify, WordPress, PayPal, Reddit, Amazon, LinkedIn, Cloudflare, Twitter, Zoom, and eBay were among them.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
