Genesis Market Place is back – Blackhats who do not run away

January 15, 2021
Genesis Market Place Back Blackhats dark web

Blackhats who do not run away will continuously cause havoc and insecure private data breach to individuals and companies. Though it is rare for adversaries to honour their customers, yesterday the doubt of security researchers and adversaries were proven wrong. Both onion and Clearnet version of the Genesis Market website is up and running. Yet, the features are not complete because their Genesis Security Plugin is not available as of the moment.


Genesis Market Place back exit scam blackhats image 1


As seen on the above screenshot when we tried accessing the plugin, it won’t let us. It is because of some kind of maintenance and upgrades. What the plugin does is shown on the below screenshot:


Genesis Market Place back exit scam blackhats image 2


Here is the text version of the above screenshot:

What can the plugin do?

For ones who are interested in technical details, here is a list of main elements that our plugin achieves to emulate: 

  1. Screen! correct ! and full change
  2. Navigator! correct ! and full change
  3. Window! correct ! change
  4. Document! correct ! change
  5. WebGL
  6. IE components & ActiveX
  7. Permissions
  8. Fonts – only we managed to perform a correct and technically-literate change
  9. Geolocation – even with the same time lag as the original holder would have
  10. Cookies
  11. Canvas
  12. Web Audio – for the ones who understand
  13. WebRTC
  14. Headers – Correct headers’ change!
  15. Security Headers
  16. JS versions
  17. CSS @media
  18. Navigator Cores
  19. hidden *
  20. hidden * 
  21. hidden *
  22. hidden *
  23. hidden *
  24. hidden *
  25. hidden *


What are the targets of Genesis Market

Through different methods from Social Engineering, Malware distribution, Fake application installers thriving on the internet, it is possible that these bots come along with what I mentioned. Anti-Malware detection is believed to be bypassed due to the bot’s sophisticated signature. These bots may have been lurking around the browser and not the operating system itself, therefore making it more difficult for malware removal.


This means that the target of Genesis Market is random and indiscriminate. It will depend on the hobbies and the browsing activities where the bot will be installed. 


For corporations, especially the technology and financial sectors, you must scan and perform detailed auditing of the systems, machines, and browsers of your company’s IT and System Admins. Having a compromised system within the network may lead to a data breach where serious consequences may arise. Data exfiltration is at risk, but other types of malware could be deployed once any hackers get a system admin access to your network. One of which we want to proactively avoid is a ransomware that can also exfiltrate data. The damages it can bring is immense where financial loss is imminent and in the long run, brand reputation damage if this goes uncontrolled. Adversaries love to share and publish data in the dark web and cybercriminal forums. Once the distribution reaches the criminal network’s domains, it will be more unlikely to get these data taken down because these blackhats employ numerous tricks to avoid getting their servers traced. While taking down dark web sites, repositories and distribution network is possible, historically only the combined efforts of INTERPOL and different government back legal enforcement were able to successfully take down such contents. 


Data Loss Recovery 

The first step of controlling the damages of exfiltrated data is to know up to what extent of the information was exposed. To make these happen, a data loss recovery through an experienced threat intelligence team will perform an investigation and ultimately recover by getting copies of the exposed data. iZOOlogic can perform these scans and recovery as well to help you identify the exposed data. After identification and analysis, what you can do next is to notify the affected people. The GDPR law implemented in the EU requires member states to do it. Otherwise, they will face penalties. Other countries almost have similar sanctions for companies that fail to announce and identify the affected data that was breached. To avoid such sanctions, we must learn to mitigate unfortunate events’ damage by considering information security over the internet. Information security doesn’t stop within the company network, it extends further to the internet and the dark web itself. 


About the author

Leave a Reply