FBI seizes stolen credentials shop Genesis Market

Several domain names linked to Genesis Market, one of the most significant cyber fraud platforms, were seized as a result of an international law enforcement operation. Named “Operation Cookie Monster,” it involved the FBI, Europol, and law enforcement agencies from the UK, Poland, Canada, Norway, Spain and Sweden.

Genesis Market was an invitation-only dark web forum that had been around since before 2018. By 2020 the platform had become the most popular online store for account credentials for various services, device fingerprints, and cookies. The marketplace was discoverable through regular web search engines. As with most large-scale criminal forums, invite codes were widely available, even being offered in YouTube videos, The Record says.

According to Recorded Future analyst Alexander Leslie, Genesis Market gave criminals access to “bots” or “browser fingerprints” that allowed them to impersonate victims’ web browsers, including IP addresses, session cookies, OS information, and plugins. The data included in the “bots” was mostly collected through infostealing malware, with the vast majority coming from AZORult.

Citing sources familiar with the investigation, KrebsOnSecurity reported that law enforcement agencies in the US, Canada and across Europe are currently serving arrest warrants on dozens of individuals thought to support Genesis, either by maintaining the site or by selling bot logs from infected systems to the service.

Last month, US authorities arrested 22-year-old Conor Brian Fitzpatrick (aka “Pompompurin”), a suspected administrator of the popular dark web data breach forum “BreachForums.” Following Pompompurin’s arrest, the platform was shut down.

