Operation Cookie Monster: FBI dismantles Geneis.Market

Operation Cookie Monster: FBI dismantles Geneis.Market

Tough blow to cybercrime. The dismantling of the largest forum for stolen passwords, Genesis.markethas made recent news in the world of cybersecurity. This marketplace had been active since 2017, and allowed cybercriminals to not only sell access to stolen credentials from infected systems, but also to have direct access to those systems through the parallel sale of cookies and session tokens.


Last Wednesday, the FBI announced the seizure of its web domains, the subsequent deactivation of the forum and the dismantling of the criminal organization that maintained it. This intervention took place within the framework of Operation Cookie Monster, involving different European, Canadian and US institutions.

Now, when you enter these sites, the description “This website has been sized” appears, a message placed by the FBI on the pages it intervenes.

“Through the combined efforts of all law enforcement authorities involved, we have severely disrupted the cyber criminal ecosystem by eliminating one of its primary facilitators.” Edvardas Šileris, head of Europol’s European Cybercrime Center, mentions. “With victims located all over the world, strong relationships with our international partners were critical to the success of this case.”

Genesis.Market how dangerous was this group?

Genesis Market was primarily engaged in the sale of stolen digital identities. This market offered for sale what the owners called “bots,” which had infected victims’ devices through malware or account takeover attacks.

By purchasing one of these bots, criminals gained access to all the data collected by it, such as fingerprints, cookies, saved passwords and autofill form data. This information was collected in real time and buyers were notified of any changes to passwords, etc.

The price of each bot ranged from $0.70 to several hundred dollars, depending on the amount and nature of the data stolen. The most expensive ones contained financial information that allowed access to online bank accounts.

Criminals who purchased these special bots not only obtained stolen data, but also the means to use it. They were provided with a customized browser that mimicked that of their victim, allowing them to access their account without activating any of the security measures of the platform on which the credential to be used was located. These security measures included recognition of different login locations, a different browser fingerprint or a different operating system.

Has my account been leaked?

If you are concerned that your data has been compromised, the Dutch Police have set up a website that allows users to check if their login credentials were for sale on Genesis.market. Simply enter your email address and if the answer is yes, you will receive a message in the inbox of the affected account.

If you suspect that your accounts have been leaked, here are some recommendations:

Change your passwords immediately and make sure they are secure and unique for each account.

Enable two-step authentication. on all your accounts that allow it to add an extra layer of security.

Regularly monitor your accounts to detect any suspicious activity.

Consider using a password manager. to create and manage secure passwords for all your accounts.

Daniel Chapman