The FBI and Indonesian National Police dismantled the W3LL phishing infrastructure, seized key domains, and detained alleged developer G.L after the kit was used to steal thousands of credentials and attempt more than $20 million in fraud. W3LL and its W3LL Store operated as an all‑in‑one phishing marketplace—selling kits for about $500, facilitating the sale of over 25,000 compromised accounts, and using adversary-in-the-middle techniques to hijack Microsoft 365 sessions and bypass MFA. #W3LL #W3LLStore
Keypoints
- FBI and Indonesian National Police dismantled the W3LL infrastructure and seized key domains.
- Alleged developer G.L was detained in connection with the operation.
- The W3LL phishing kit mimicked legitimate login pages to harvest credentials and was sold for about $500.
- W3LL used adversary-in-the-middle techniques to hijack session cookies and bypass Microsoft 365 multi-factor authentication.
- The W3LL Store serviced roughly 500 threat actors, sold over 25,000 compromised accounts, and helped target more than 17,000 victims between 2023 and 2024.
Read More: https://thehackernews.com/2026/04/fbi-and-indonesian-police-dismantle.html