- Joined
- Jun 13, 2020
- Messages
- 6,487
- Reaction score
- 890
- Points
- 212
- Awards
- 2
Genesis Market provided attackers with unique tools to circumvent the protection and hacking of online banks.
On April 4, during an international law enforcement operation led by the FBI, one of the most significant Genesis Market trading sites among cybercriminals was seized.
Genesis Market, which functioned as a universal store for criminals, sold as stolen credentials, and tools for using this data have been associated with millions of cybercidents with theft of funds around the world – from fraud to extorting programs.
Unlike its competitors, Genesis Market provided cybercriminals with access to « bots » or browser prints that made it possible to impersonate the victim’s web browsers by replacing IP addresses, session cookies, OS information and plugins.
The browser prints allowed hackers to access platforms that work by subscription, for example, Netflix. In addition, you can enter the online bank without causing security warnings. Using stolen data and a browser print, scammers can even bypass multifactorial authentication. The prints on the Genesis Store are notable for emulating the victim’s browser session.
The data included in « bots » were mainly stolen using infostlers. After purchasing « bots », information could be imported into your own Genesis browser called Genesis Security, which is also available as an extension for other web browsers. Bots allowed criminals to disguise themselves as stolen credentials.
All necessary data is copied — location, IP address, browser information, etc. When you have an extension for the Genesis Store browser, you can import your victim’s bot and the browser will immediately reboot by accepting the victim’s profile.
| Boot browser and plug-in module |
The total number of Genesis Market victims is unknown, but the Recorded Future company discovered that since 2018, about 135 million separate bots have been registered on the platform.
Based on the current number of active announcements compared to the sample size of the total number of links to the platform for the last month ( 1.3 million ), it is possible that the Genesis Store had from 30 to 50 million. active bots during its existence.
The low entry threshold was part of the concept of the criminal service, which functioned as a universal center for fraud. Genesis even provided a page with instructions on how the platform works and how to commit cybercrime.
It is worth noting that the botnet is controlled by the Genesis Market administration. In other words, Genesis operators also had constant access to infected machines. This is one of the criteria that made the Genesis Store so effective for criminals. Constant communication with an infected machine means that « bot » is constantly updated, and the print remains always relevant.
__________________