- FBI and Indonesian police detain suspect behind W3LL phishing kit
- Kit-enabled fake websites, credential theft, $20M fraud attempt
- Infrastructure and domains seized and cut off major resources in cybercrime
The FBI has revealed that it worked with the Indonesian National Police in taking down a major global phishing platform.
The agency said it detained an individual with the initials GL, suspected of operating the W3LL phishing kit. The kit, which cost about $500, allowed other cybercriminals to quickly and easily create fake websites as well as phishing emails.
Through the combination of the two, malicious actors were able to steal people’s login information, opening the door to financial fraud, with the attackers attempting to defraud victims of more than $20 million through the platform.
The article continues below
W3LL good good
“This wasn’t just phishing — it was a full-service cybercrime platform,” said FBI Atlanta Special Agent Marlo Graham. “We will continue to work with our domestic and foreign law enforcement partners using all available tools to protect the public.”
In addition to the W3LL kit, the cybercriminal also operated an online marketplace called W3LLSTORE, between 2019 and 2023, where other crooks were allowed to buy and sell stolen login credentials, among other things.
Until its closure in 2023, the store facilitated the sale of more than 25,000 compromised accounts, the FBI said. After the shutdown, the platform morphed and was actively marketed over encrypted messaging platforms and used to target more than 17,000 victims worldwide.
In the operation, law enforcement “identified and seized infrastructure facilitating the phishing service,” as well as “key domains associated with the operation.”
“The removal cuts off a major resource used by cybercriminals to gain unauthorized access to victims’ accounts,” the law enforcement agency said.
International law enforcement agencies have been on the hunt for phishing kits for quite some time now.
In early March 2026, Europol and Microsoft took down Tycoon 2FA, one of the largest phishing-as-a-service (PhaaS) platforms in the world. Before then, Europol said it removed LabHost, a phishing kit that provided infrastructure for hosting pages, interactive functionality for direct contact with victims and campaign overview services, for a monthly fee averaging $249.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
