The Ukrainian cyberpolice, working together with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online retailer in California.
According to the Ukrainian police, the threat actor used information-stealing malware between 2024 and 2025 to infect users’ devices and steal browser sessions and account credentials.
Infostealers are a popular type of malware that harvests sensitive data, including passwords, browser cookies, session tokens, crypto wallets, and payment information, from infected devices and sends it to cybercriminals for account theft, fraud, and resale.
The attacks linked to the young hacker impacted 28,000 customer accounts, of which the cybercriminals used 5,800 to make unauthorized purchases totaling about $721,000. The malicious operation caused $250,000 in direct losses, including chargebacks.
“To carry out the criminal scheme, the attackers used ‘infostealer’ malware that secretly infected users’ devices, collected login credentials, and transmitted them to servers managed by the attackers,” the police say.
“The data was then processed and sold through specialized online resources and Telegram bots.”
The police say the suspect engaged in cryptocurrency transactions along with his accomplices.

Source: cyberpolice.gov.ua
The “session data” mentioned in the police announcement refers to session tokens that can be used to log in to the victim’s account without needing credentials and, in some cases, bypass multi-factor authentication (MFA) checks as well.
The 18-year-old suspect administered the online infrastructure used to process, sell, and use the stolen session data, the police stated, indicating that he held a central role in the operation.
The police conducted two searches at the suspect’s residences and seized mobile phones, computer equipment, bank cards, electronic storage media, and other digital evidence that confirm his involvement in the illegal operation.
Evidence includes access to resources used to sell stolen data and to manage compromised accounts, server activity logs, and accounts on cryptocurrency exchanges.

At this stage, authorities have identified the suspect, conducted searches, and seized devices and other evidence allegedly linking him to the operation.
However, the announcement does not mention an arrest, suggesting that investigators may still be building the case before formally charging him.
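A defender-side illustration of the point above about stolen session tokens, added here as an example that is not part of the police announcement or the original article: it flags a session ID that is used from a different client than the one that completed login and MFA, and asks for re-authentication before sensitive actions. The event format, field names and sample log entries are constructed for illustration.

```python
# Constructed sample events (not from the case):
# (timestamp, session_id, event, source_ip, user_agent)
EVENTS = [
    ("2025-01-10T09:00:00", "s-1001", "login_mfa_ok", "198.51.100.7", "Chrome/131 Windows"),
    ("2025-01-10T09:05:00", "s-1001", "request", "198.51.100.7", "Chrome/131 Windows"),
    ("2025-01-10T09:20:00", "s-1001", "request", "203.0.113.44", "Firefox/128 Linux"),
    ("2025-01-10T09:21:00", "s-1001", "purchase", "203.0.113.44", "Firefox/128 Linux"),
    ("2025-01-10T10:00:00", "s-2002", "login_mfa_ok", "192.0.2.15", "Safari/17 macOS"),
    ("2025-01-10T10:30:00", "s-2002", "purchase", "192.0.2.15", "Safari/17 macOS"),
    ("2025-01-10T11:00:00", "s-3003", "purchase", "203.0.113.44", "Firefox/128 Linux"),
]

# Hypothetical set of actions that should never run on an unverified session.
SENSITIVE = {"purchase", "change_email", "change_password"}


def find_replayed_sessions(events):
    """Flag session use from a client other than the one that passed login/MFA."""
    bound = {}     # session_id -> (ip, user_agent) recorded at login
    findings = []
    for ts, sid, event, ip, ua in sorted(events):  # ISO timestamps sort chronologically
        if event == "login_mfa_ok":
            bound[sid] = (ip, ua)
            continue
        origin = bound.get(sid)
        if origin is None:
            reason = "no_login_seen"        # no login for this token in the log window
        elif ua != origin[1]:
            reason = "user_agent_changed"   # strong signal: cookie moved to another browser
        elif ip != origin[0]:
            reason = "ip_changed"           # weak signal alone: mobile and VPN users roam
        else:
            continue
        if event in SENSITIVE:
            action = "require_reauth"       # step-up: make the client prove MFA again
        elif reason == "ip_changed":
            action = "log"
        else:
            action = "alert"
        findings.append({"time": ts, "session": sid, "event": event,
                         "reason": reason, "action": action})
    return findings


if __name__ == "__main__":
    for finding in find_replayed_sessions(EVENTS):
        print(finding)
```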

