- FBI and Indonesian police arrest suspect behind W3LL phishing kit
- Kit enabled spoofed sites, credential theft, and $20 million fraud attempts
- Infrastructure and domains seized, disrupting an important cybercrime resource
The FBI has revealed that it worked alongside the Indonesian National Police in taking down a major global phishing platform.
The office said it detained an individual with the initials GL, suspected of operating the W3LL phishing kit. The kit, which cost around $500, allowed other cybercriminals to quickly and easily create fake websites as well as phishing emails.
By combining the two, bad actors were able to steal people’s login credentials, opening the door to financial fraud. Attackers attempted to defraud victims of more than $20 million through the platform.
W3LL good good
“This wasn’t just phishing, it was a full-service cybercrime platform,” said FBI Atlanta Special Agent in Charge Marlo Graham. “We will continue to work with our domestic and foreign law enforcement partners, using all available tools to protect the public.”
In addition to the W3LL kit, the cybercriminal also ran an online marketplace called W3LLSTORE between 2019 and 2023, where other criminals were allowed to buy and sell stolen login credentials, among other things.
Until its closure in 2023, the store facilitated the sale of more than 25,000 compromised accounts, the FBI said. Following the shutdown, the platform was rebranded and actively marketed through encrypted messaging platforms, and was used to target over 17,000 victims worldwide.
In the operation, law enforcement “identified and seized the infrastructure that facilitated the phishing service” as well as “key domains linked to the operation.”
“The removal cuts off an important resource used by cybercriminals to gain unauthorized access to victims’ accounts,” the law enforcement agency said.
International law enforcement agencies have been targeting phishing kits for some time now.
In early March 2026, Europol and Microsoft took down Tycoon 2FA, one of the largest phishing-as-a-service (PhaaS) platforms in the world. Before that, Europol said it removed LabHost, a phishing kit that provided infrastructure to host pages, interactive functionality to interact directly with victims, and campaign overview services, for a monthly fee of, on average, $249.




