Ukraine’s cyberpolice, working with U.S. law enforcement, said it identified an 18-year-old man from Odesa suspected of running an infostealer malware operation that targeted users of an online store in California and affected 28,000 customer accounts.
KEY FACTS
- Target: Users of an online store in California
- Impact: 28,000 customer accounts were affected
- Losses: 5,800 accounts were used for unauthorized purchases totaling about $721,000
- Seizures: Police searched two residences and took phones, computers, bank cards and storage media
According to a police disclosure, the malware was used between 2024 and 2025 to infect devices, steal browser sessions and collect account credentials.
Infostealers are designed to harvest sensitive data such as passwords, browser cookies, session tokens, crypto wallets and payment information. The stolen data was then processed and sold through specialized online resources and Telegram bots, the disclosure said.
Police said the suspect handled the online infrastructure used to process, sell and use the stolen session data, which placed him in a central role in the operation. Investigators also cited cryptocurrency transactions with accomplices and evidence from server logs, exchange accounts and access to resources used to manage compromised accounts.
The announcement did not mention an arrest. It said searches at the suspect’s residences turned up digital evidence that investigators say links him to the scheme.
WHY IT MATTERS
The case highlights how infostealer malware can be used to turn stolen sessions and credentials into account takeovers and fraud, even when passwords are not reused. It also shows how investigators are tracing the infrastructure and financial trail behind such campaigns.

