Genesis Market

Genesis Market was a cybercrime-facilitation website noted for its easy-to-use interface. It enabled users to spoof over two million different victims, providing access to their bank accounts.

The website was founded in 2017 and its publicly visible web operations were reportedly shut down by an international police operation in April 2023. Two weeks later the website was operational again.

The US government has stated that the website is operated from within Russia.

Description
Genesis Market was an English language website that facilitates identity fraud using personal details including passwords to popular websites including Airbnb, Amazon, eBay, Facebook, Fidelity, PayPal, and Netflix. The personal details used were stolen from 1.5 million computers. At the time its operations were disrupted, the website had 80 million digital profiles of over two million potential victims available. The scope of the thefts enabled by the website is not known, but the Federal Bureau of Investigation reported US$8.7 million of cryptocurrency thefts, and stated that the total theft is estimated to be tens of millions of dollars.

It is noted for its user-friendly interface and providing users with an easy means to digital adopt a target's identity to facilitate cybercrime. The website is used by fraudsters to impersonate target users without their knowledge and steal money from target's bank accounts.

In 2022, it was considered one of the top three such websites, the other two being Russian Market, and 2Easy.

United States Secretary of State, Antony Blinken stated that the website is operated from within Russia.

Genesis Market was known for selling persistent access to victim's computers. The info-stealers malware, would send an update of the password of a victim to Genesis Market, when it was changed. The National Police Corps (Netherlands) worked together with Trellix and Computest to analyse the Danabot Malware to share the unique elements of the infection with VirusTotal and Microsoft to create Antivirus software for this specific infection.

The National Police Corps (Netherlands) also launched a service called 'CheckYourHack' to check if an e-mail address was listed on Genesis Market. If it was, this service would provide a victim with an e-mail message containing advice how to mitigate their vulnerabilities.

History
Genesis Market was launched in beta form in 2017.

In December 2020, the Federal Bureau of Investigation, in collaboration with another unnamed national law enforcement agency, copied Genesis Market's server data, capturing user data of the site's 33,000 users in the process.

In May 2021, the website provided 374,401 target profiles in 218 countries.

The Federal Bureau of Investigation shut down the website's surface web domains in April 2023 as part of the international law enforcement operation known as Operation Cookie Monster. This international operation was led by the U.S. Federal Bureau of Investigation (FBI) and the Dutch National Police (Politie), with a command post set up at Europol’s headquarters on the action day to coordinate the different enforcement measures being carried out across the globe. The law enforcement operation involved seventeen countries including the British, Australian, Canadian, Spanish, Italian, German, Swedish, Polish, Danish, and Romanian police forces. After shutting down the website, 119 people were arrested and 208 properties were searched as part of the international collaborated police actions.

Within two weeks of the shut down a mirror of the website was fully functioning on the dark web.