To the point: Ukrainian cyber police identified an 18-year-old suspect from Odesa as the operator of an infostealer campaign that compromised 28,000 accounts and caused damages of at least $250,000. Authorities conducted searches and seized digital evidence.
In collaboration with US authorities, Ukrainian cyber police identified an 18-year-old man from Odesa suspected of operating an infostealer malware campaign. The cybercriminal activity between 2024 and 2025 targeted 28,000 customer accounts of a California-based online shop.
The young suspect used information-stealing malware to infect user devices and steal browser sessions and login credentials. The cybercriminals used 5,800 of the stolen accounts to make unauthorized purchases totaling approximately $721,000 and caused direct losses of $250,000, including chargebacks.
The infostealer malware collected login credentials and transmitted them to the attackers’ servers. The stolen information was subsequently processed and sold through specialized online resources and Telegram bots. The suspect was centrally responsible for managing the online infrastructure used to process, sell, and utilize the stolen session data.
The session data enabled the cybercriminals to log in to victim accounts without login credentials and, in some cases, to bypass multi-factor authentication. Cyber police conducted searches at the suspect’s residences and seized mobile phones, computer equipment, bank cards, and digital storage media as evidence. The suspect was also involved in cryptocurrency transactions with his accomplices.