{"id":1880658,"date":"2026-04-13T21:21:21","date_gmt":"2026-04-13T18:21:21","guid":{"rendered":"https:\/\/analyse.optim.biz\/?p=1880658"},"modified":"2026-04-13T21:21:21","modified_gmt":"2026-04-13T18:21:21","slug":"the-feds-took-down-a-full-service-cybercrime-platform-behind-20m-in-phishing","status":"publish","type":"post","link":"https:\/\/analyse.optim.biz\/?p=1880658","title":{"rendered":"The Feds Took Down a ‘Full-Service Cybercrime Platform’ Behind $20M in Phishing"},"content":{"rendered":"

[analyse_image type=”featured” src=”https:\/\/www.cnet.com\/a\/img\/resize\/a3a7ab67f14322be73d9aa32bb17a0b47beb2a6f\/hub\/2026\/04\/13\/85966404-fbe4-4ad5-a5cb-4b3627f60d5a\/gettyimages-2269889340.jpg?auto=webp&fit=crop&height=675&width=1200″]<\/p>\n

\n
\n
\n
\n

Cybercrime is a big business, driving nearly $21 billion<\/span><\/span> in fraud and theft in 2026 alone. The FBI and the Indonesian National Police took a chunk out of that late last week when the pair took down infrastructure vital to the W3LL phishing kit, a piece of software that could steal someone’s account credentials and data to bypass multi-factor authentication.\u00a0<\/p>\n

The W3LL phishing kit was best known for targeting Microsoft 365 accounts, but a crook could purchase it for $500 online and target any number of services. They could then deploy a website that captures a user’s login information and session data, giving the criminal access to the account without going through multi-factor authentication.\u00a0<\/p>\n

Read more:<\/strong> Best Password Manager in 2025<\/p>\n

The cybersecurity firm Group-IB, which\u00a0first documented the W3LL phishing kit in 2023, described it as an all-in-one phishing tool capable of making custom phishing tools, providing email lists, and granting access to compromised servers. Its developer also made a couple of bulk email spam tools called PunnySender and W3LL Sender before the W3LL phishing kit, and has been active in cybercrime since at least 2017.\u00a0<\/p>\n

“This wasn’t just phishing — it was a full-service cybercrime platform,” FBI Atlanta Special Agent in Charge Marlo Graham said in a press release.\u00a0<\/p>\n

\n
\n
\n
\n
\n
<\/div>\n<\/figure>\n<\/div>\n
Watch this:<\/strong> Your Phone is Disgusting: Let’s Fix That\n <\/div>\n

Representatives for the FBI and Group-IB did not immediately respond to requests for comment.<\/p>\n

According to the FBI, the kit was available in the W3LL marketplace from 2019 until the store closed in 2023. The developer, known publicly as G.L, continued selling the kit and compromised account details over encrypted messaging platforms. The FBI said authorities detained a suspect believed to be G.L.\u00a0<\/p>\n

Read more:<\/strong>Anthropic Says Its New AI Model Is So Good at Finding Security Risks, You Can’t Use It<\/span><\/span><\/p>\n

The tool is responsible for quite a lot of damage. The FBI estimates that the W3LL store housed more than 25,000 compromised accounts up through 2023 and the tool was used to compromise an additional 17,000 accounts in 2023 and 2024. Criminals stole, or attempted to steal, roughly $20 million in total.\u00a0<\/p>\n

Cybercriminals who purchased the kit had access to customer service, including a ticketing system and web chat. Those who weren’t particularly tech savvy also had tutorial videos showing how to use the tool to craft fake websites and steal credentials. The tool was sold primarily by word of mouth, with a 10% commission for referrals and a third-party vendor program with a 70\/30 split on profits.\u00a0<\/p>\n

The FBI took down the main kit, but it may not be the end of the road for W3LL. Sekoia IO, a European cybersecurity company specializing in software-as-a-service, has identified similar tools, such as Sneaky 2FA, which uses some W3LL source code. Cracked versions of W3LL have also been circulating online for years.<\/p>\n<\/article>\n<\/div>\n<\/div>\n

\n
\n
\n
\n

\n Services and Software Guides
\n <\/h2>\n
\n
\n

\n VPN
\n <\/span><\/div>\n
\n
    \n
  • \n Best VPN\n <\/li>\n
  • \n Best iPhone VPN\n <\/li>\n
  • \n Best Free VPN\n <\/li>\n
  • \n Best Android VPN\n <\/li>\n
  • \n Best Mac VPN\n <\/li>\n
  • \n Best Mobile VPN\n <\/li>\n
  • \n Best VPN for Firestick\n <\/li>\n
  • \n Best VPN for Windows\n <\/li>\n
  • \n Fastest VPN\n <\/li>\n
  • \n Best Cheap VPN\n <\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n
    \n
    \n

    \n Cybersecurity
    \n <\/span><\/div>\n
    \n
      \n
    • \n Best Password Manager\n <\/li>\n
    • \n Best Antivirus\n <\/li>\n
    • \n Best Identity Theft Protection\n <\/li>\n
    • \n Best LastPass Alternative\n <\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n
      \n
      \n

      \n Streaming Services
      \n <\/span><\/div>\n
      \n
        \n
      • \n Best Live TV Streaming Service\n <\/li>\n
      • \n Best Streaming Service\n <\/li>\n
      • \n Best Free TV Streaming Service\n <\/li>\n
      • \n Best Music Streaming Services\n <\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n
        \n
        \n

        \n Web Hosting & Websites
        \n <\/span><\/div>\n
        \n
          \n
        • \n Best Web Hosting\n <\/li>\n
        • \n Best Minecraft Server Hosting\n <\/li>\n
        • \n Best Website Builder\n <\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n
          \n
          \n

          \n Other Services & Software
          \n <\/span><\/div>\n
          \n
            \n
          • \n Best Dating Sites\n <\/li>\n
          • \n Best Language Learning Apps\n <\/li>\n
          • \n Best Weather App\n <\/li>\n
          • \n Best Stargazing Apps\n <\/li>\n
          • \n Best Cloud Storage\n <\/li>\n
          • \n Best Resume Writing Services\n <\/li>\n
          • \n New Coverage on Operating Systems\n <\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
            \n
            \n
            \n

            Cybercrime is a big business, driving nearly $21 billion<\/span><\/span> in fraud and theft in 2026 alone. The FBI and the Indonesian National Police took a chunk out of that late last week when the pair took down infrastructure vital to the W3LL phishing kit, a piece of software that could steal someone’s account credentials and data to bypass multi-factor authentication.\u00a0<\/p>\n

            The W3LL phishing kit was best known for targeting Microsoft 365 accounts, but a crook could purchase it for $500 online and target any number of services. They could then deploy a website that captures a user’s login information and session data, giving the criminal access to the account without going through multi-factor authentication.\u00a0<\/p>\n

            Read more:<\/strong> Best Password Manager in 2025<\/p>\n

            The cybersecurity firm Group-IB, which\u00a0first documented the W3LL phishing kit in 2023, described it as an all-in-one phishing tool capable of making custom phishing tools, providing email lists, and granting access to compromised servers. Its developer also made a couple of bulk email spam tools called PunnySender and W3LL Sender before the W3LL phishing kit, and has been active in cybercrime since at least 2017.\u00a0<\/p>\n

            “This wasn’t just phishing — it was a full-service cybercrime platform,” FBI Atlanta Special Agent in Charge Marlo Graham said in a press release.\u00a0<\/p>\n

            \n
            \n
            \n
            \n
            \n
            <\/div>\n<\/figure>\n<\/div>\n
            Watch this:<\/strong> Your Phone is Disgusting: Let’s Fix That\n <\/div>\n

            Representatives for the FBI and Group-IB did not immediately respond to requests for comment.<\/p>\n

            According to the FBI, the kit was available in the W3LL marketplace from 2019 until the store closed in 2023. The developer, known publicly as G.L, continued selling the kit and compromised account details over encrypted messaging platforms. The FBI said authorities detained a suspect believed to be G.L.\u00a0<\/p>\n

            Read more:<\/strong>Anthropic Says Its New AI Model Is So Good at Finding Security Risks, You Can’t Use It<\/span><\/span><\/p>\n

            The tool is responsible for quite a lot of damage. The FBI estimates that the W3LL store housed more than 25,000 compromised accounts up through 2023 and the tool was used to compromise an additional 17,000 accounts in 2023 and 2024. Criminals stole, or attempted to steal, roughly $20 million in total.\u00a0<\/p>\n

            Cybercriminals who purchased the kit had access to customer service, including a ticketing system and web chat. Those who weren’t particularly tech savvy also had tutorial videos showing how to use the tool to craft fake websites and steal credentials. The tool was sold primarily by word of mouth, with a 10% commission for referrals and a third-party vendor program with a 70\/30 split on profits.\u00a0<\/p>\n

            The FBI took down the main kit, but it may not be the end of the road for W3LL. Sekoia IO, a European cybersecurity company specializing in software-as-a-service, has identified similar tools, such as Sneaky 2FA, which uses some W3LL source code. Cracked versions of W3LL have also been circulating online for years.<\/p>\n<\/article>\n<\/div>\n<\/div>\n

            \n

            Cybercrime is a big business, driving nearly $21 billion<\/span><\/span> in fraud and theft in 2026 alone. The FBI and the Indonesian National Police took a chunk out of that late last week when the pair took down infrastructure vital to the W3LL phishing kit, a piece of software that could steal someone’s account credentials and data to bypass multi-factor authentication.\u00a0<\/p>\n

            The W3LL phishing kit was best known for targeting Microsoft 365 accounts, but a crook could purchase it for $500 online and target any number of services. They could then deploy a website that captures a user’s login information and session data, giving the criminal access to the account without going through multi-factor authentication.\u00a0<\/p>\n

            Read more:<\/strong> Best Password Manager in 2025<\/p>\n

            The cybersecurity firm Group-IB, which\u00a0first documented the W3LL phishing kit in 2023, described it as an all-in-one phishing tool capable of making custom phishing tools, providing email lists, and granting access to compromised servers. Its developer also made a couple of bulk email spam tools called PunnySender and W3LL Sender before the W3LL phishing kit, and has been active in cybercrime since at least 2017.\u00a0<\/p>\n

            “This wasn’t just phishing — it was a full-service cybercrime platform,” FBI Atlanta Special Agent in Charge Marlo Graham said in a press release.\u00a0<\/p>\n

            \n
            \n
            \n
            \n
            \n
            <\/div>\n<\/figure>\n<\/div>\n
            Watch this:<\/strong> Your Phone is Disgusting: Let’s Fix That\n <\/div>\n

            Representatives for the FBI and Group-IB did not immediately respond to requests for comment.<\/p>\n

            According to the FBI, the kit was available in the W3LL marketplace from 2019 until the store closed in 2023. The developer, known publicly as G.L, continued selling the kit and compromised account details over encrypted messaging platforms. The FBI said authorities detained a suspect believed to be G.L.\u00a0<\/p>\n

            Read more:<\/strong>Anthropic Says Its New AI Model Is So Good at Finding Security Risks, You Can’t Use It<\/span><\/span><\/p>\n

            The tool is responsible for quite a lot of damage. The FBI estimates that the W3LL store housed more than 25,000 compromised accounts up through 2023 and the tool was used to compromise an additional 17,000 accounts in 2023 and 2024. Criminals stole, or attempted to steal, roughly $20 million in total.\u00a0<\/p>\n

            Cybercriminals who purchased the kit had access to customer service, including a ticketing system and web chat. Those who weren’t particularly tech savvy also had tutorial videos showing how to use the tool to craft fake websites and steal credentials. The tool was sold primarily by word of mouth, with a 10% commission for referrals and a third-party vendor program with a 70\/30 split on profits.\u00a0<\/p>\n

            The FBI took down the main kit, but it may not be the end of the road for W3LL. Sekoia IO, a European cybersecurity company specializing in software-as-a-service, has identified similar tools, such as Sneaky 2FA, which uses some W3LL source code. Cracked versions of W3LL have also been circulating online for years.<\/p>\n<\/article>\n

            [analyse_source url=”http:\/\/cnet.com\/tech\/services-and-software\/fbi-w3ll-phishing-platform\/”]<\/p>\n","protected":false},"excerpt":{"rendered":"

            [analyse_image type=”featured” src=”https:\/\/www.cnet.com\/a\/img\/resize\/a3a7ab67f14322be73d9aa32bb17a0b47beb2a6f\/hub\/2026\/04\/13\/85966404-fbe4-4ad5-a5cb-4b3627f60d5a\/gettyimages-2269889340.jpg?auto=webp&fit=crop&height=675&width=1200″] Cybercrime is a big business, driving nearly $21 billion in fraud and theft in 2026 alone. The FBI and the Indonesian National Police took a chunk out of that late last week when the pair took down infrastructure vital to the W3LL phishing kit, a piece of software that could steal someone’s […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[67,226],"class_list":["post-1880658","post","type-post","status-publish","format-standard","hentry","category-politics","tag-cnet-com","tag-crawlmanager"],"_links":{"self":[{"href":"https:\/\/analyse.optim.biz\/index.php?rest_route=\/wp\/v2\/posts\/1880658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/analyse.optim.biz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/analyse.optim.biz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/analyse.optim.biz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/analyse.optim.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1880658"}],"version-history":[{"count":0,"href":"https:\/\/analyse.optim.biz\/index.php?rest_route=\/wp\/v2\/posts\/1880658\/revisions"}],"wp:attachment":[{"href":"https:\/\/analyse.optim.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1880658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/analyse.optim.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1880658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/analyse.optim.biz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1880658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}