Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.

The number of stolen digital identities available on the Genesis Market has risen from 100,000 in April 2019 to over 350,000 in March 2021, with over 18,000 added each month, Netacea, the bot detection and mitigation specialist, said in new research into the world’s largest invite-only deep web marketplace for stolen information.

Above: Figure 2 shows the resources that exist on a “bot” in the upper price range of the Genesis Market. There are multiple accounts for many well-known services and a wealth of other accounts from services unrecognized by Genesis; such as academic accounts. (Source: Buying Bad Bots Wholesale: The Genesis Market)

Image Credit: Netasea

The Genesis Market is an illegal online marketplace for stolen credentials. While many underground markets for stolen credentials operate from the anonymity of the dark web, Genesis Market is accessible from the open web. Access to the illegal marketplace is closely guarded by a strict invitation system, but once inside, users are presented with a well-organized one-stop-shop of stolen digital identities.

This data takes the form of device fingerprints, which allow users to essentially wear the “mask” of their victim online, gaining access to all their online accounts whilst bypassing traditional anti-fraud and cybersecurity defenses.

Cybercriminals target victims with malware and account takeover (ATO) bots to infiltrate their devices and harvest login credentials, as well as cookies, form autofill data and device fingerprints. These are then put up for sale on Genesis Market as packaged “bots” which are used to impersonate victims online. The asking price per bot can range from as little as $0.70 up to around $350 depending on the amount and nature of the data. The most expensive will contain financial details to allow access to online banking accounts. Upon purchase, consumers are provided with a custom browser to load the data into and are free to browse the internet masquerading as the hapless victim, use saved logins to access their accounts and – where login cookies exist – continue a victim’s session. All without any access to the original device.


Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

Read more in Netacea’s full report Buying Bad Bots Wholesale: The Genesis Market

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.