The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California.
According to the Ukrainian police, the threat actor used information-stealing malware between 2024 and 2025 to infect users’ devices and steal browser sessions and account credentials.
Infostealers are a popular type of malware that harvests sensitive data, including passwords, browser cookies, session tokens, crypto wallets, and payment information, from infected devices and sends it to cybercriminals for account theft, fraud, and resale.
The attacks linked to the young hacker impacted 28,000 customer accounts, of which the cybercriminals used 5,800 to make unauthorized purchases totaling about $721,000. The malicious operation caused $250,000 in direct losses, including chargebacks.
“To carry out the criminal scheme, the attackers used 'infostealer' malware that secretly infected users’ devices, collected login credentials, and transmitted them to servers controlled by the attackers,” the police say.
“The information was then processed and sold through specialized online resources and Telegram bots.”
The police say the suspect engaged in cryptocurrency transactions with his accomplices.
[Image: Cyberpolice at the suspect's house. Source: cyberpolice.gov.ua]
The “session data” mentioned in the police announcement refers to session tokens that can be used to log in to the victim’s account without needing credentials and, in some cases, bypass multi-factor authentication (MFA) checks as well.