Ukrainian cyber police, working alongside U.S. law enforcement agencies, have identified an 18-year-old suspect from Odesa believed to be involved in a large-scale infostealer malware operation that compromised thousands of customer accounts connected to an online retailer in California.
According to authorities, the operation was active between 2024 and 2025 and relied on infostealer malware to infect users’ devices, collect browser session data, login credentials, and other sensitive information, and transmit the data to attacker-controlled servers.
Infostealers are designed to extract valuable information such as passwords, browser cookies, session tokens, cryptocurrency wallet details, and payment data. The stolen information is often used for fraud, account takeovers, and illegal resale.
Investigators said the attacks affected 28,000 customer accounts. Of those, 5,800 compromised accounts were reportedly used to make unauthorized purchases worth approximately $721,000. The operation also resulted in direct losses of around $250,000, including chargeback-related costs.
Authorities stated that the stolen information was processed and distributed through specialized online platforms and Telegram bots. The suspect is also believed to have conducted cryptocurrency transactions with accomplices connected to the scheme.
Police say the individual managed the online infrastructure used to process, sell, and exploit stolen session data, indicating a central role in the operation. Session tokens can allow attackers to access accounts without entering passwords and, in some cases, bypass multi-factor authentication protections.
During searches conducted at 2 residences linked to the suspect, investigators seized mobile phones, computers, bank cards, electronic storage devices, and other digital evidence. Authorities also recovered server activity logs, cryptocurrency exchange accounts, and access to platforms allegedly used to sell stolen information and manage compromised accounts.
While the suspect has been identified and evidence has been collected, authorities have not announced any arrest. The investigation remains ongoing as law enforcement continues to build the case.


