Law enforcement just arrested 120 people in an international malware crackdown dubbed ‘Operation Cookie Monster’

This post was originally published on this site

https://content.fortune.com/wp-content/uploads/2023/04/GettyImages-857205346.jpg?w=2048

An online marketplace that trafficked in stolen login credentials, email user names and passwords, bank account data and other sensitive information has been dismantled, law enforcement officials in the United States and Europe announced Wednesday.

Officials also have seized 11 domain names tied to the Genesis Market and arrested about 120 users across the world, including some in the U.S., according to the FBI and Justice Department, which participated in the operation.

The market “falsely promised a new age of anonymity and impunity, but in the end only provided a new way for the Department to identify, locate, and arrest on-line criminals,” Deputy Attorney General Lisa Monaco said in a statement.

Genesis Market was created five years and since then has provided users with access to data taken from more than 1.5 million computers infected with malicious software, the department said.

“Operation Cookie Monster,” the effort by law enforcement agencies in 17 countries, disrupted the largest marketplace of its kind.

“Cookie” refers to the web browser cookies that let people log onto websites without the need for multifactor authentication. Criminal users of Genesis Market could purchase software scripts from it, including browser cookies and fingerprints that track a user’s online activity.

The market, a “one-stop shop for account takeovers,” was advertised on several, predominantly Russian-speaking underground forums, the cybersecurity firm Trellix, which assisted in the investigation, said in a research report.

“While underground marketplaces that sell stolen credentials aren’t a new thing, Genesis Market was one of the first that focused on fingerprints and browser cookies to enable account takeovers despite growing MFA adoption,” the Trellix researchers said. A specialized browser it offered customers made “account takeover child’s play for criminals,” their report says.

Trellix said it observed more than 450,000 infected machines in examining the marketplace.

Dutch police put up a webpage to allow members of the public to enter their email address to determine whether their data was for sale on Genesis Market. The Justice Department said it had provided victim information for a website so that people could check if their accounts had been compromised.

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.