FBI seizes stolen credentials market Genesis in Operation Cookie Monster

The domains for Genesis Market, one of the most popular marketplaces for stolen credentials of all types, were seized by law enforcement earlier this week as part of Operation Cookie Monster.

The action is an important blow to the cybercriminal world, as Genesis was one of the marketplaces offering both consumer and corporate account identities.

Looking for the admins

While authorities have yet to publish press releases about the takedown, accessing the Genesis Market domains shows a banner saying that the FBI has executed a seizure warrant.

It appears that the administrators of the marketplace have not been caught or identified, as the FBI is interested in anyone who is in contact with them. Whoever is behind Genesis Market has kept a low profile for all these years, indicating good operational security knowledge.

[Image: FBI seizes Genesis Market domains. Source: BleepingComputer]

The FBI says the action was possible with the support of multiple organizations in the public and private sectors.

“These seizures were possible because of international law enforcement and private sector coordination,” reads the seizure banner, which includes close to two dozen partners.

Alexander Martin of that the Genesis Market takedown prompted a large number of arrests all over the world.

Genesis, the digital identity market

Genesis Market launched in alpha stage in late 2017, and by 2020 it had become the most popular online shop for account credentials for various services, device fingerprints, and cookies.

The operators of the market used info-stealing malware to collect logins along with the fingerprint data (e.g. cookies, IP addresses, time zones, device info) that would allow impersonating the legitimate owner accessing the service.

Their profits came from renting the account identities through bots that included stolen accounts complete with the fingerprint data that made the access appear legitimate.

To make it easier for customers, Genesis Market operators provided browser plug-ins that could import the login data and fingerprints of a compromised account, automatically assuming the digital identity of the real owner.

Depending on the type of account, buyers could pay less than $10 for access to an account for a specific period.

Genesis Market provided access to a wide range of services with user accounts from all over the world. Among them were Gmail, Facebook, Netflix, Spotify, WordPress, PayPal, Reddit, Amazon, LinkedIn, Cloudflare, Twitter, Zoom, and eBay.

The FBI did not reply to a request for comment when BleepingComputer reached out earlier today.