Overview
- The FBI Atlanta Field Office, working with Indonesian police, dismantled the W3LL phishing platform Monday by seizing the w3ll.store domain under a U.S. court warrant and detaining the alleged developer known as “G. L.”
- The $500 kit generated look‑alike login pages and captured session cookies and one‑time codes, which let attackers bypass multi‑factor checks and stay logged in even after a password change.
- Investigators link the scheme to more than $20 million in attempted fraud and say the W3LL Store sold over 25,000 compromised accounts between 2019 and 2023.
- After the storefront closed in 2023, operators rebranded the tool on encrypted messaging apps, and campaigns in 2023–2024 targeted more than 17,000 victims worldwide.
- The all‑in‑one service supported business email compromise: it let crooks hijack Microsoft 365 inboxes, impersonate staff and reroute payments. Researchers note that cracked copies and code reuse could spur copycats.