Genesis market 2020 overview, a bazaar for buying data out of compromised computers.

  1. Traffic + Exploit Kit: Traffic is any stream of users you’re able to get to view your content, whether it is a Medium article, a Tweet or someone who visited your site.
A buyer looking to buy traffic, probably to get computers infected
If the user clicks “Enable Content” his computer will be infected with a virus
  1. Country- you can choose which country the displayed computers are from.
  2. Infection date- could be useful because another hacker could hack the same computer via a different campaign and steal his credit card before you.
  3. IP range- you can choose computers which are only within a specific IP range so that if you target a company with a known IP range, you will only get results of computers from that range.
  4. Browsing history- you can choose to only see computers that browsed “” for instance so you know they have an active Paypal account.
Forcepoint taking care of the issue!
  1. c_user- your user ID
  2. XS- a long string that is basically the “key” for Facebook to remember you
Picture taken from Sergey Lozhkin’s presentation during the Security Analyst Summit of 2019

In conclusion:

Genesis has been running since the beginning of 2019, I still remember them “only” having 10,000 infected computers so the fact they’ve managed to scale their operation to 230,000 computers reveals to me that their service must be very profitable.

  • If you enjoyed reading I would really appreciate if you followed me on twitter, I plan on posting more write-ups of all sorts!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alon Gal — Under the Breach

Alon Gal — Under the Breach

Data breach monitoring and prevention, providing Cybercrime investigations and insights. 🇮🇱