
FBI takedown of W3LL phishing service leads to developer arrest

Why This Matters

The FBI and Indonesian authorities' takedown of the W3LL phishing platform marks a significant step in combating cybercrime, highlighting the increasing international cooperation to disrupt sophisticated online fraud operations. This operation exposes the scale of cybercriminal marketplaces and underscores the importance of ongoing cybersecurity vigilance for both consumers and organizations.

Key Takeaways

The FBI Atlanta Field Office and Indonesian authorities have dismantled the "W3LL" global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the first coordinated enforcement action between the United States and Indonesia targeting a phishing kit developer.

The W3LL Store was a phishing kit and online marketplace that enabled cybercriminals to steal thousands of credentials and attempt more than $20 million in fraud.

"This Website Has Been Seized as part of a coordinated law enforcement action taken against W3LL STORE," reads a seizure message on w3ll[.]store website.

"The domain for w3ll.store has been seized by the Federal Bureau of Investigation in accordance with a seizure warrant issued pursuant to 18 U.S.C. §§ 981 and 982 by the United States District Court for the Northern District of Georgia as part of a joint law enforcement action by the Federal Bureau of Investigation."

Seizure banner shown on the W3LL Store site

Source: BleepingComputer

The W3LL phishing kit sold for $500 and allowed attackers to create convincing replicas of corporate login portals to harvest credentials. The kit allowed threat actors to capture authentication session tokens, enabling attackers to bypass multi-factor authentication and gain access to compromised accounts.

W3LL Store and W3LL Panel administration

Source: Group-IB

The threat actor also offered a marketplace called W3LLSTORE, where stolen credentials and unauthorized network access were bought and sold.
