Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Cybercrime is big business, driving Nearly $21 billion in fraud and theft in 2026 alone. The FBI and Indonesian National Police took a big part of that late last week when the pair dismantled critical infrastructure of the phishing group W3LL, a program that can steal someone’s account credentials and data to bypass multi-factor authentication.
The W3LL phishing group became famous Target Microsoft 365 accountsbut a scammer can buy it online for $500 and target any number of services. They can then deploy a website that captures the user’s login information and session data, allowing the criminal to access the account without going through multi-factor authentication.
Read more: Best password manager in 2025
Cybersecurity company Group-IB, which It was documented for the first time The phishing group described W3LL in 2023 as a comprehensive phishing tool capable of creating custom phishing tools, providing email lists, and granting access to compromised servers. Its developer also created two major spam tools called PunnySender and W3LL Sender before the W3LL phishing group, and has been active in cybercrime since at least 2017.
“This was not just phishing, this was a full-service cybercrime platform,” said Marlo Graham, Special Agent in Charge of the FBI in Atlanta. press release.
Watch this: Your Phone is Disgusting: Let’s Fix That
Representatives of the FBI and Group-IB did not immediately respond to requests for comment.
According to the FBI, the kit was available on the W3LL marketplace from 2019 until the store closed in 2023. The developer, known publicly as GL, continued to sell the kit and compromised account details via encrypted messaging platforms. The FBI said authorities arrested a suspect believed to be GL
Read more: Anthropic says its new AI model is so good at spotting security risks, you can’t use it
The tool is responsible for a lot of damage. The FBI estimates that the W3LL store had more than 25,000 compromised accounts through 2023, and the tool was used to compromise an additional 17,000 accounts in 2023 and 2024. The criminals stole or attempted to steal nearly $20 million in total.
The cybercriminals who purchased this kit had access to customer service, including a ticket system and online chat. Those who were not familiar with the technology also had tutorial videos showing how to use the tool to create fake websites and steal credentials. The tool was sold primarily by word of mouth, with a 10% commission for referrals and a third-party reseller program with a 70/30 profit split.
The FBI has taken down the main group, but that may not be the end of the road for W3LL. Sekoia IO, a European cybersecurity company specializing in software as a service Identify similar toolssuch as Sneaky 2FA, which uses some W3LL source code. Cracked versions of W3LL have also been used circulated online for years.