
The Ukrainian cyberpolice, working together with U.S. law enforcement, have identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California.
According to the Ukrainian police, the threat actor used information-stealing malware between 2024 and 2025 to infect users’ devices and steal browser sessions and account credentials.
Infostealers are a popular type of malware that harvests sensitive data, including passwords, browser cookies, session tokens, crypto wallets, and payment information, from infected devices and sends it to cybercriminals for account theft, fraud, and resale.
The attacks linked to the young hacker impacted 28,000 customer accounts, of which the cybercriminals used 5,800 to make unauthorized purchases totaling about $721,000. The malicious operation resulted in $250,000 in direct losses, including chargebacks.
“To carry out the criminal scheme, the attackers used ‘infostealer’ malware that secretly infected users’ devices, collected login credentials, and transmitted them to servers controlled by the attackers,” the police say.
“The information was then processed and sold through specialized online resources and Telegram bots.”
The police say the suspect engaged in cryptocurrency transactions with his accomplices.

Source: cyberpolice.gov.ua
The “session data” mentioned in the police announcement refers to session tokens that can be used to log in to the victim’s account without needing credentials and, in some cases, bypass multi-factor authentication (MFA) checks as well.
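A defender-side illustration of the point above, as an added example that is not part of the original article or the police announcement: it binds each session to the client context seen at MFA login and flags later use of the same session from a different context, which is how a replayed token looks in server logs. The log fields, session names and addresses are constructed for the example, and the /24 grouping assumes IPv4.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int          # seconds since epoch
    session: str     # session identifier as logged (log a hash, never the raw token)
    kind: str        # "login_mfa" or "request"
    ip: str
    user_agent: str

def fingerprint(ev: Event) -> str:
    """Coarse client context: /24 network prefix plus user agent (IPv4 assumed)."""
    prefix = ".".join(ev.ip.split(".")[:3])
    return hashlib.sha256(f"{prefix}|{ev.user_agent}".encode()).hexdigest()

def find_replayed_sessions(events):
    """Return {session: [events]} for requests whose context differs from the bound one."""
    bound, suspicious = {}, {}
    for ev in sorted(events, key=lambda e: e.ts):
        fp = fingerprint(ev)
        if ev.kind == "login_mfa":
            bound[ev.session] = fp   # a fresh MFA login legitimately rebinds the session
            continue
        # First sighting binds the session if the login predates the log window.
        if bound.setdefault(ev.session, fp) != fp:
            suspicious.setdefault(ev.session, []).append(ev)
    return suspicious

# Constructed sample log: the last "s-alice" request reuses the session from another client.
EVENTS = [
    Event(1000, "s-alice", "login_mfa", "203.0.113.10", "Firefox/128 Windows"),
    Event(1060, "s-alice", "request", "203.0.113.10", "Firefox/128 Windows"),
    Event(1120, "s-alice", "request", "203.0.113.77", "Firefox/128 Windows"),  # same /24
    Event(2000, "s-bob", "login_mfa", "192.0.2.8", "Safari/17 macOS"),
    Event(2050, "s-bob", "request", "192.0.2.8", "Safari/17 macOS"),
    Event(4000, "s-alice", "request", "198.51.100.5", "python-requests/2.31"),
]

if __name__ == "__main__":
    for session, hits in find_replayed_sessions(EVENTS).items():
        for ev in hits:
            print(f"{session}: context change at ts={ev.ts} from {ev.ip} ({ev.user_agent})")
```

In a live application the same comparison would run per request, with a mismatch forcing re-authentication or revoking the session rather than only logging it.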
The 18-year-old suspect administered the online infrastructure used to process, sell, and utilize the stolen session data, the police stated, indicating that he held a central role in the operation.
The police conducted two searches at the suspect’s residences and seized mobile phones, computer equipment, credit cards, electronic storage media, and other digital evidence that confirm his involvement in the illegal operation.
Evidence includes access to resources used to sell stolen data and to manage compromised accounts, server activity logs, and accounts on cryptocurrency exchanges.

At this stage, authorities have identified the suspect, conducted searches, and seized devices and other evidence allegedly linking him to the operation.
However, the announcement does not mention an arrest, suggesting that investigators may still be building the case before formally charging him.



