Ukrainian and U.S. authorities have identified an infostealer malware operation targeting a California-based online store, where the threat actor used information-stealing malware to infect user devices and steal browser sessions and account credentials. The operation compromised approximately 28,000 customer accounts, leading to unauthorized purchases and direct financial losses. The suspect managed the online infrastructure for processing and selling the stolen session data, with evidence seized from residential searches.
Malware Teenager from Odesa suspected of running infostealer malware operation May 21, 2026 Share By SC Staff As outlined in Bleeping Computer, Ukrainian cyberpolice, in collaboration with U.S. law enforcement, have identified an 18-year-old man from Odesa suspected of orchestrating an infostealer malware operation that targeted users of a California-based online store. The suspect allegedly used information-stealing malware between 2024 and 2025 to infect user devices, aiming to steal browser sessions and account credentials. The operation impacted approximately 28,000 customer accounts, with 5,800 accounts being used for unauthorized purchases totaling around $721,000. The malicious activity resulted in direct losses of $250,000, including chargebacks. The suspect is believed to have managed the online infrastructure for processing, selling, and utilizing the stolen session data. Law enforcement conducted searches at the suspect's residences, seizing mobile phones, computer equipment, and other digital evidence allegedly linking him to the operation. The suspect also reportedly engaged in cryptocurrency transactions with accomplices. Source: Bleeping Computer SC Staff Related Malware Microsoft disrupts Fox Tempest malware-signing service SC Staff May 20, 2026 Fox Tempest operated a platform called signspace[.]cloud, which allowed threat actors to obtain short-lived Microsoft-issued certificates via Artifact Signing. Malware REMUS infostealer evolves into sophisticated malware-as-a-service platform SC Staff May 18, 2026 Flare's analysis of 128 posts between February and May 2026 reveals REMUS's aggressive development cycle, mirroring structured software businesses. Malware Hackers use PyInstaller to hide XWorm malware SC Staff May 15, 2026 The attack begins with deceptive emails or fake software updates containing a seemingly harmless file. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Adware You can skip this ad in 5 seconds