Ukraine identifies infostealer operator tied to 28,000 stolen accounts

Ukrainian cyberpolice, cooperating with U.S. law enforcement, identified an 18-year-old in Odesa suspected of running an infostealer operation that infected users of a California online store between 2024–2025, stealing browser session tokens and credentials from 28,000 customer accounts — 5,800 of which were used for unauthorized purchases totaling about $721,000, causing roughly $250,000 in direct losses — and selling the stolen data via online resources and Telegram while investigators seized devices and digital evidence.