Law enforcement officials in Ukraine, in coordination with authorities from the U.S. and Australia, last week shut down one of the world’s largest phishing services that were used to attack financial institutions in 11 countries, causing tens of millions of dollars in losses.
The Ukrainian attorney general’s office said it worked with the National Police and its Main Investigation Department to identify a 39-year-old man from the Ternopil region who developed a phishing package and a special administrative panel for the service, which were then aimed at several banks located in Australia, Spain, the U.S., Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany, and the U.K.
Computer equipment, mobile phones, and hard drives were seized as part of five authorized searches conducted during the course of the operation.
Security researcher Brian Krebs noted the raids were in connection with U-Admin, a phishing framework that makes use of fake web pages to pilfer victim credentials more efficiently.
It is estimated that over 50% of all phishing attacks in 2019 in Australia were carried out using the phishing toolkit.
The hacker is believed to have not only sold his products to customers around the world via an online store in the dark web but also alleged to have provided technical support during phishing attacks.
More than 200 active buyers of malicious software have been identified, Ukrainian officials said.
U-Admin allowed customers to exfiltrate data entered by victims on compromised websites by injecting malicious code into the browser. The crimeware platform’s info-stealing capabilities also extended to capturing two-factor authentication codes.
The hacker, who has been arrested on charges of creating and distributing malicious software and breaking into computer networks, faces up to six years of imprisonment if found guilty.