Ukrainian police identify Odesa teen in $721,000 infostealer scheme

Vlad CONSTANTINESCU

Ukrainian cyberpolice say a California online store was targeted by an infostealer-driven account-takeover operation involving 28,000 compromised accounts.

Cross-border infostealer operation

Ukrainian cyberpolice, in a joint effort with US law enforcement, have identified an 18-year-old man from Odesa suspected of helping run an infostealer operation that targeted customers of an online store in California between 2024 and 2025.

Investigators say the malware campaign harvested browser data, login credentials and active session information from infected devices. The stolen access allegedly exposed 28,000 customer accounts.

Thousands of accounts used for fraud

Criminals used 5,800 of the compromised accounts to make unauthorized purchases totaling about $721,000, police say. The retailer’s direct losses, including chargebacks, are estimated at roughly $250,000.

Infostealers have become an indispensable tool for threat actors, especially for account-takeover operations. Instead of merely collecting passwords, stealers can also grab browser cookies and session tokens that may let attackers re-enter accounts without triggering normal login checks.

Telegram bots and crypto trails

Police say stolen data was processed and sold through specialized online resources and Telegram bots. The suspect is accused of administering infrastructure used to organize, trade and exploit the stolen session data.

Searches at two residences led to the seizure of phones, computers, bank cards, storage media and other digital evidence. Investigators say they also found server logs, cryptocurrency exchange accounts and access to resources used to manage compromised accounts.

No arrest announced yet

Authorities say they have identified the suspect and gathered evidence, but the public announcement does not say anyone has been apprehended or formally charged. That suggests the investigation may still be active.

For online retailers, incidents like these should serve as an alarm that account security can’t rely solely on passwords or one-time codes. Monitoring for suspicious sessions, forcing token revocation after suspected compromise, detecting unusual purchase behavior and encouraging users to remove malware from infected devices are crucial to defending e-commerce accounts.
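One way to apply the session-monitoring and token-revocation advice above, shown as an added example that is not code from the article, the police or the retailer: bind each session to the network and browser seen at login, and revoke it when the same token is later used from a different context. The event format, the /24 tolerance and the sample events are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample events (not data from the incident):
# (timestamp, event, session_id, account, client_ip, user_agent)
EVENTS = [
    (100, "login",    "s1", "alice", "203.0.113.10", "Firefox/126 Windows"),
    (160, "request",  "s1", "alice", "203.0.113.77", "Firefox/126 Windows"),  # same /24, same browser
    (200, "login",    "s2", "bob",   "198.51.100.5", "Chrome/125 macOS"),
    (900, "purchase", "s2", "bob",   "192.0.2.44",   "Chrome/124 Linux"),     # token used elsewhere
    (950, "request",  "s2", "bob",   "198.51.100.5", "Chrome/125 macOS"),     # original device, token already revoked
    (990, "request",  "s9", "carol", "192.0.2.9",    "Safari/17 iOS"),        # no login on record
]

def network(ip, prefix=24):
    """Coarse client location: the /24 containing the address (assumed tolerance for IP churn)."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def review_sessions(events):
    """Bind each session to its login context; revoke it on use from a different context."""
    bound = {}       # session_id -> (network, user_agent) recorded at login
    revoked = set()  # sessions that must re-authenticate
    alerts = []
    for ts, kind, sid, account, ip, ua in sorted(events):
        if kind == "login":
            bound[sid] = (network(ip), ua)
            continue
        if sid in revoked:
            alerts.append((ts, sid, account, "use of revoked session"))
        elif sid not in bound:
            alerts.append((ts, sid, account, "session without recorded login"))
        elif bound[sid] != (network(ip), ua):
            # Revoking invalidates the token for every holder, including the legitimate user.
            revoked.add(sid)
            alerts.append((ts, sid, account, f"context changed before {kind}"))
    return alerts, revoked

if __name__ == "__main__":
    found, revoked_ids = review_sessions(EVENTS)
    for alert in found:
        print(alert)
    print("revoked:", sorted(revoked_ids))
```

A real deployment would weigh more signals than IP prefix and user agent, since mobile users change networks and browsers update mid-session; the point here is that the check runs on every request, not only at login.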

Customers can reduce exposure to infostealer attacks with a multi-layered security solution such as Bitdefender Ultimate Security, which includes anti-malware protection, scam protection, a password manager, unlimited VPN and digital identity protection across all major platforms.
