Ukrainian cyber police have identified an 18-year-old suspect accused of operating an infostealer malware campaign tied to the theft of approximately 28,000 online accounts and hundreds of thousands of dollars in fraudulent transactions.


According to Ukrainian authorities, the suspect, based in Odesa, allegedly used infostealer malware to compromise customer accounts connected to an online retailer in California. Investigators said the operation allowed cybercriminals to gain unauthorized access to thousands of user accounts, many of which were later abused for fraudulent purchases and financial theft.

Law enforcement agencies said the attacks resulted in unauthorized purchases across roughly 5,800 compromised accounts, generating approximately $721,000 in fraudulent transactions. Officials also reported direct financial losses of about $250,000 related to chargebacks and associated fraud costs.

The investigation was conducted jointly by the Ukrainian cyber police and U.S. law enforcement authorities. During searches linked to the suspect, investigators reportedly seized computer equipment, mobile devices, banking cards, and digital evidence connected to the malware operation.

Authorities said the attacker used infostealer malware to secretly infect victim devices and harvest login credentials, authentication data, and other sensitive information. The stolen data was then transmitted to infrastructure controlled by the attackers and later used to access customer accounts without authorization.

Infostealers remain one of the most widespread forms of cybercrime malware due to their ability to silently collect credentials, browser cookies, financial information, cryptocurrency wallet data, and authentication tokens from infected systems. Security researchers warn that stolen credentials obtained through infostealer infections are frequently sold on underground cybercrime forums or reused in larger fraud, ransomware, and phishing operations.
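The two paragraphs above describe the chain the investigators outlined: credentials and session data are harvested from infected devices, sent to attacker infrastructure, and later replayed against the retailer to take over accounts and place orders. From the retailer's side, that replay stage is where the abuse can be spotted. The following is an added example, not code from the article or from any party named in it: a small defender-side heuristic that scans constructed authentication and order events and flags (a) a session cookie being used from a client other than the one it was issued to, and (b) a high-value order placed shortly after such a client change. The event format, field names, thresholds and sample data are all assumptions made for this illustration.

```python
"""Added example (not part of the original article): a simple account-takeover
heuristic for a web shop. It is meant to illustrate the replay stage of an
infostealer campaign from the defender's side; every field, threshold and
sample value below is an assumption constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

HIGH_VALUE = 500.0               # assumed threshold for a "large" order
WINDOW = timedelta(minutes=15)   # assumed window between a client change and an order

# Constructed sample events. Account u1001 logs in legitimately, then the same
# session cookie (s-abc) is reused from a different IP and browser and a large
# order follows within minutes. Account u1002 behaves normally throughout.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "account": "u1001", "session": "s-abc",
     "ip": "203.0.113.5", "ua": "Firefox/125", "event": "login"},
    {"ts": "2024-05-01T09:05:00", "account": "u1001", "session": "s-abc",
     "ip": "203.0.113.5", "ua": "Firefox/125", "event": "order", "amount": 40.0},
    {"ts": "2024-05-01T13:00:00", "account": "u1001", "session": "s-abc",
     "ip": "198.51.100.77", "ua": "Chrome/124", "event": "session_use"},
    {"ts": "2024-05-01T13:02:00", "account": "u1001", "session": "s-abc",
     "ip": "198.51.100.77", "ua": "Chrome/124", "event": "order", "amount": 950.0},
    {"ts": "2024-05-01T10:00:00", "account": "u1002", "session": "s-def",
     "ip": "192.0.2.9", "ua": "Safari/17", "event": "login"},
    {"ts": "2024-05-01T10:30:00", "account": "u1002", "session": "s-def",
     "ip": "192.0.2.9", "ua": "Safari/17", "event": "order", "amount": 25.0},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def analyze(events):
    """Group events by session cookie and return a list of alert dicts.

    Rule 1 (session_replay): the cookie is presented from an IP/user-agent pair
    that differs from the pair seen when the session was first observed.
    Rule 2 (high_value_order_after_client_change): an order at or above
    HIGH_VALUE is placed within WINDOW of that client change.
    """
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)

    alerts = []
    for session, evs in by_session.items():
        evs.sort(key=_ts)
        origin = (evs[0]["ip"], evs[0]["ua"])   # client the cookie was issued to
        changed_at = None
        for e in evs[1:]:
            client = (e["ip"], e["ua"])
            if client != origin and changed_at is None:
                changed_at = _ts(e)
                alerts.append({
                    "account": e["account"], "session": session, "ts": e["ts"],
                    "rule": "session_replay",
                    "detail": f"cookie issued to {origin} presented from {client}",
                })
            if (e["event"] == "order" and changed_at is not None
                    and _ts(e) - changed_at <= WINDOW
                    and e.get("amount", 0.0) >= HIGH_VALUE):
                alerts.append({
                    "account": e["account"], "session": session, "ts": e["ts"],
                    "rule": "high_value_order_after_client_change",
                    "detail": f"order of {e['amount']:.2f} within {WINDOW} of client change",
                })
    return alerts


def flagged_accounts(events):
    """Convenience wrapper: the set of accounts with at least one alert."""
    return {a["account"] for a in analyze(events)}


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert["ts"], alert["account"], alert["rule"], "-", alert["detail"])
```

Run as-is, the script reports two alerts for account u1001 and none for u1002. Real deployments would bind the session to more than IP and user-agent (both change legitimately on mobile networks) and would feed the alerts into step-up authentication or order holds rather than a print statement; the point here is only that the replay of harvested session material leaves a trace that the account owner's own activity does not.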

Cybercriminal groups increasingly distribute infostealers through phishing emails, malicious browser extensions, pirated software, fake software installers, cracked applications, and compromised websites. Many modern infostealer operations also function under malware-as-a-service models, allowing less technically skilled attackers to rent malware infrastructure and stolen credential services.
