Ukrainian and American law enforcement officials announced that they had exposed an infostealer operator behind the compromise of 28,000 user accounts at an online store in the United States.
Ukrainian cyber police reportedly teamed up with U.S. authorities, who allegedly tracked down an 18-year-old male in Odessa, Ukraine, accused of orchestrating a malware campaign against California-based customers of an e-commerce site.
Ukrainian officials say the alleged attacker used infostealer (information-stealing) malware on infected computers and mobile devices to capture browser sessions and user IDs from people who used the e-commerce site in 2024-25. Infostealers are a common form of malware that steals sensitive information such as logins and passwords, browser cookies, session tokens, crypto wallets and payment information. The stolen data is then sent back to the hackers.
Authorities say the young hacker allegedly compromised over 28,000 customer accounts. Of these, 5,800 were allegedly used to make unauthorized purchases totaling roughly $721,000. Authorities claim the operation caused direct monetary loss for the merchant in excess of $250,000 due to lost merchandise and chargeback fees. “To accomplish their scheme the hackers used ‘info stealer’ malware that infected users’ devices without users’ knowledge. They would obtain the users’ login credentials and transmit them to servers owned/controlled by the hackers. Once obtained they would process the information and sell it via specialized internet websites/bots available via Telegram.”

The “session data” referenced in the police statement is session tokens, which allow an attacker to log in to a victim’s account without needing the victim’s password and, in some circumstances, to bypass multi-factor authentication (MFA).
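
A server-side check for the token replay described above, as an added example that is not from the police statement or the affected store: it binds each session token to a coarse client fingerprint at login and requires re-authentication before purchases once the token appears from a different client. The action names, fingerprint fields and sample requests are constructed assumptions.

```python
import hashlib
import ipaddress
from dataclasses import dataclass

SENSITIVE = {"checkout", "change_address", "add_card"}  # assumed action names

def fingerprint(user_agent: str, ip: str) -> str:
    """Coarse client fingerprint: User-Agent plus the /24 (IPv4) or /48 (IPv6) network."""
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return hashlib.sha256(f"{user_agent}|{net}".encode()).hexdigest()

@dataclass
class Session:
    user: str
    bound_fp: str                # recorded at login, after password + MFA
    flagged: bool = False        # set once the token shows up from another client

class SessionGuard:
    def __init__(self):
        self.sessions = {}

    def login(self, token, user, user_agent, ip):
        self.sessions[token] = Session(user, fingerprint(user_agent, ip))

    def check(self, token, user_agent, ip, action):
        """Return 'deny', 'step_up' (re-authenticate first) or 'allow'."""
        s = self.sessions.get(token)
        if s is None:
            return "deny"
        if fingerprint(user_agent, ip) != s.bound_fp:
            s.flagged = True     # sticky: the token may have been copied
        if s.flagged and action in SENSITIVE:
            return "step_up"
        return "allow"

def demo():
    """Replay constructed requests: the owner's browser, then a copied token."""
    ua_owner = "Mozilla/5.0 (Windows NT 10.0) Firefox/126.0"
    ua_other = "Mozilla/5.0 (X11; Linux x86_64) Chrome/125.0"
    guard = SessionGuard()
    guard.login("tok-constructed-1", "alice", ua_owner, "198.51.100.23")
    requests = [
        ("tok-constructed-1", ua_owner, "198.51.100.90", "checkout"),  # same /24
        ("tok-constructed-1", ua_other, "203.0.113.77", "view_cart"),  # new client
        ("tok-constructed-1", ua_other, "203.0.113.77", "checkout"),
        ("tok-unknown", ua_other, "203.0.113.77", "checkout"),
    ]
    return [guard.check(*r) for r in requests]
```

Fingerprint binding is a heuristic: it forces a fresh password and MFA prompt when a copied token is presented from a different client, and it works alongside short session lifetimes rather than replacing them.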
The 18-year-old male reportedly managed the online infrastructure for processing, selling and using the compromised session data, so he appears to have been one of the main individuals involved in the scheme. Police stated they executed two searches of the suspect’s homes, where they seized various items including mobile phones, computers, bank cards, memory devices and other digital artifacts related to the illegal enterprise.

At this stage, law enforcement has identified the suspect, conducted searches, and seized devices and other evidence allegedly linking him to the operation. However, the statement does not mention an arrest, suggesting that investigators may still be preparing the case before formally charging him.