Skip to main content

Global takedown of cybercriminals behind malware operation

Law enforcement officials in the United States and Europe said a takedown of cybercriminals behind malware operation. Authorities also seized 11 domain names tied to the Genesis Market.

An online marketplace that trafficked in stolen login credentials, email user names and passwords, bank account data and other sensitive information has been dismantled, law enforcement officials in the United States and Europe announced Wednesday.

Officials also have seized 11 domain names tied to the Genesis Market and arrested about 120 users across the world, including some in the U.S., according to the FBI and Justice Department, which participated in the operation.

The market "falsely promised a new age of anonymity and impunity, but in the end only provided a new way for the Department to identify, locate, and arrest on-line criminals," Deputy Attorney General Lisa Monaco said in a statement.

Genesis Market was created five years and since then has provided users with access to data taken from more than 1.5 million computers infected with malicious software, the department said.

"Operation Cookie Monster," the effort by law enforcement agencies in 17 countries, disrupted the largest marketplace of its kind.

HUMAN RIGHTS GROUP URGES EASTERN LIBYA TO RELEASE SINGER, BLOGGER

"Cookie" refers to the web browser cookies that let people log onto websites without the need for multifactor authentication. Criminal users of Genesis Market could purchase software scripts from it, including browser cookies and fingerprints that track a user's online activity.

The market, a "one-stop shop for account takeovers," was advertised on several, predominantly Russian-speaking underground forums, the cybersecurity firm Trellix, which assisted in the investigation, said in a research report.

"While underground marketplaces that sell stolen credentials aren’t a new thing, Genesis Market was one of the first that focused on fingerprints and browser cookies to enable account takeovers despite growing MFA adoption," the Trellix researchers said. A specialized browser it offered customers made "account takeover child’s play for criminals," their report says.

Trellix said it observed more than 450,000 infected machines in examining the marketplace.

Dutch police put up a webpage to allow members of the public to enter their email address to determine whether their data was for sale on Genesis Market. The Justice Department said it had provided victim information for a website so that people could check if their accounts had been compromised.

Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.