BSidesTLV 2023

How to take cookies from the Cookie Monster: Genesis Market Takedown
2023-06-29, 10:05–10:30 (Europe/Oslo), Smolarz

In April 2023, a global law enforcement task force disrupted the infamous Genesis Market, the largest browser cookie marketplace. This talk analyzes how cybercriminals used the marketplace to bypass multi-factor authentication and fake victims' identities. Attendees will gain insight into the work Trellix did to assist law enforcement in the global takedown.

In April 2023, a global law enforcement task force comprising 17 countries, including the FBI, Europol, and the Dutch Police, disrupted the infamous browser cookie marketplace known as Genesis Market, which was the largest of its kind. The marketplace offered credentials, browser fingerprints, and browser cookies for sale, which enabled cybercriminals to bypass multi-factor authentication and assume the identity of victims. The takedown effort aimed to render the market’s scripts and binaries useless, and resulted in the arrest or approach of hundreds of users.

In this talk, we will provide an overview of Genesis Market's functions and operations and analyze the malware samples that law enforcement shared with Trellix. We will explain how cybercriminals used purchased browser fingerprints and cookies to fake the identity of the victim, and how the Genesium browser and plugin facilitated account takeovers. By attending this talk, participants will gain a deeper understanding of the dangers of browser cookies and the role of underground marketplaces in cybercrime. Learn about the latest trends and techniques in info-stealing malware, and how law enforcement and security professionals can collaborate to combat them.