
The FBI has seized key global cybercrime platforms and blocked cyber defense vulnerabilities

Author: Security Internal Reference

Genesis Market's featured product, "credentials with browser fingerprints," invalidates many identity defense measures.

Frontline of the fight against cybercrime

  • The world's largest dark web black market was shut down: more than $5 billion in stolen money was traded through digital currencies
  • A big win against ransomware! Russia and the United States joined forces, and Russia successfully destroyed the REvil gang
  • The DarkSide ransomware server was seized and operations were terminated
  • The website of the NetWalker ransomware, which was involved in tens of millions of dollars, was seized

Security Internal Reference news, April 6: The US Federal Bureau of Investigation (FBI) led more than a dozen international partners in a joint law enforcement operation that seized Genesis Market, one of the world's most important cybercrime platforms.

As a one-stop shop for criminals, Genesis Market sells stolen credentials and data weaponization tools linked to millions of financially motivated cyber incidents around the world, including cyber fraud, ransomware attacks, and more.

The login page of the Genesis Market website has now been replaced by a new page titled "Operation Cookie Monster," which explicitly mentions that the marketplace has been shut down. The Genesis organization maintains separate websites on the dark web and on the regular web.

The foreign media outlet The Record has learned that mass arrests are also being carried out around the world.

Top Features:

Sell credentials with browser fingerprints

Alexander Leslie, an analyst at threat intelligence vendor Recorded Future, said Genesis Market stands out from credential sales markets such as the Russian Market and 2easy Shop with its unique "service offering."

Unlike other similar marketplaces, Genesis Market provides criminals with access to a "bot" or "browser fingerprint" that allows them to impersonate the victim's web browser — including IP addresses, session cookies, operating system information, and plugins.

Using this fingerprint information, Leslie said, criminals can access subscription platforms such as Netflix, Amazon and even online banking services without triggering security alerts such as "Why would user XX log in from India?". Users can even successfully bypass multi-factor authentication.

"The fingerprint information on the Genesis Store is unique because it simulates the victim's browser session – so that the victim cannot be distinguished from the actual user, bypassing the security identification 'token'."
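An added example (not from the original article or from anyone quoted in it) of why the attribute-matching checks described above stay silent when a session cookie arrives with a matching fingerprint, and of one server-side control that does not rely on those attributes: single-use rotating session tokens with reuse detection. `SessionStore`, its methods and the sample fingerprint are hypothetical and constructed for illustration.

```python
import secrets

class SessionStore:
    """Toy server-side session table (hypothetical, for illustration)."""
    def __init__(self):
        self.sessions = {}                      # every token ever issued -> session

    def login(self, user, fingerprint):
        token = secrets.token_hex(16)
        self.sessions[token] = {"user": user, "fp": dict(fingerprint),
                                "retired": set(), "revoked": False}
        return token

    def attribute_check(self, token, fingerprint):
        """Fingerprint-only risk check: alert when client attributes change."""
        s = self.sessions.get(token)
        if s is None or s["revoked"]:
            return "deny"
        return "allow" if fingerprint == s["fp"] else "alert"

    def rotating_check(self, token, fingerprint):
        """Same check, but each token is single-use; returns (verdict, next_token)."""
        s = self.sessions.get(token)
        if s is None or s["revoked"]:
            return "deny", None
        if token in s["retired"]:               # an already-spent token came back:
            s["revoked"] = True                 # two clients are sharing one session
            return "revoke", None
        if fingerprint != s["fp"]:
            return "alert", None
        s["retired"].add(token)
        fresh = secrets.token_hex(16)
        self.sessions[fresh] = s                # same session, new token
        return "allow", fresh

def demo():
    # Constructed sample fingerprint (documentation IP ranges).
    victim = {"ip": "198.51.100.7", "country": "US", "os": "Windows 10",
              "browser": "Chrome 111", "plugins": ("pdf-viewer",)}
    store = SessionStore()
    cookie = store.login("alice", victim)
    copied_cookie, copied_fp = cookie, dict(victim)   # cookie plus matching fingerprint
    out = {}
    out["foreign_client"] = store.attribute_check(
        cookie, {**victim, "ip": "203.0.113.9", "country": "IN"})
    out["copied_profile"] = store.attribute_check(copied_cookie, copied_fp)
    out["victim_request"], fresh = store.rotating_check(cookie, victim)
    out["copied_profile_rotating"], _ = store.rotating_check(copied_cookie, copied_fp)
    out["victim_next_request"], _ = store.rotating_check(fresh, victim)
    return out
```

Reuse detection cannot tell which client is the legitimate one, so it revokes the session and forces both to re-authenticate.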

Leslie explained that the data contained in the bots is mainly collected by infostealing malware. Unlike the Russian Market, which explicitly lists infostealers like RedLine, Vidar, Raccoon or META, Genesis Market doesn't have a list of third-party vendors.


Pictured: "bots" listed on Genesis Market

The scale is huge:

Hundreds of millions of "bot" listings have appeared

Once purchased, the "bot" can be imported into a browser developed by the criminals called Genesis Security, which can also be used as an extension to other web browsers. These "bots" allow perpetrators to disguise themselves using stolen credentials.

It also provides a list of services that can be accessed via the fingerprint, often including Netflix, Amazon, Facebook and eBay accounts. "Bots" also hold service credentials that are not automatically included in the list, such as employee networks.

"Everything matches exactly - location, IP address, browser information, etc. After installing the Genesis Store browser extension, buyers will be able to import the victim 'bot', and the browser will immediately reset to fake your victim 'identity'. For online services, this identity is highly similar, and likely to be identical, to real users."


Figure: The platform provides browsers and plugins for users to deploy "bots"

The Genesis Marketplace is an invitation-only website, but invitation codes can be found in search engines. As with most major crime forums, invitation codes are available everywhere, even in YouTube videos.

It's unclear how many victims are on the Genesis market, but Leslie said the Recorded Future platform has found a total of about 135 million "bot" listings since 2018.

"Based on the number of active listings at the moment, and looking at the total sample size cited by the platform over the past month (1.3 million), I think the Genesis Store has about 30 to 50 million active listings over its lifetime."

He also warned that the number is only an estimate and that "the actual number may be much higher because the Genesis Store does not show history."

Its crime business was also designed with low barriers to entry in mind, hoping to provide one-stop fraud services to a wider audience. Genesis even provides a corresponding wiki that explains how it works to new users, in the hope of widely commoditizing fraud.


Figure: Genesis explains how fraudulent activities are carried out in wiki entries

"This means that the information-stealing 'botnet' is managed and controlled by the Genesis Store," meaning that the criminals behind the Genesis Store have "command and control over the entire list and continuous access to infected machines."

"That's part of what keeps the Genesis Store alive. Constant communication with the infected machine will ensure that the bot is constantly updated to keep the fingerprint information as up-to-date as possible."

Reference: therecord.media
