Today’s FBI action against Genesis Market is the latest in a string of coordinated efforts to take down bot shops and other services that enable cybercrime. Earlier this year, the FBI seized Webstresser.org, a DDoS-for-hire service that was thought to be responsible for launching a massive attack against the City of Atlanta in 2018.
The U.S. Federal Bureau of Investigation (FBI) seized multiple domain names associated with the cybercrime store Genesis Market. This store had been selling access to passwords and other data stolen from millions of computers infected with malicious software since 2018. The FBI action coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly stolen data, reports Brian Krebs.
The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom. Customers of Genesis Market could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials. They could purchase a bot with a real fingerprint, access to e-mail, social networks, bank accounts, payment systems, and all previous digital life (history) of the bot.
The pricing for Genesis bots ranged quite a bit, but in general bots with large numbers of passwords and authentication cookies—or those with access to specific financial websites such as PayPal and Coinbase—tended to fetch far higher prices. New York-based cyber intelligence firm Flashpoint says that in addition to containing a large number of resources, the most expensive bots overwhelmingly seem to have access to accounts that are easy to monetize.
One feature of Genesis that sets it apart from other bot shops is that customers can retain access to infected systems in real time, so that if the rightful owner of an infected system creates a new account online, those new credentials will get stolen and displayed in the web-based panel of the Genesis customer who purchased that bot.