Feds Seize Password Database Used in Massive Bank Account Takeover Scheme

The US Justice Department announced on Monday the seizure of a web domain and a password database used by a cybercrime group to steal millions of dollars from bank accounts.

According to the DOJ, the seized domain, web3adspanels.org, hosted a backend web panel used by the cybercriminals to store and manipulate thousands of stolen bank login credentials.

The threat actor conducted a massive bank account takeover scheme that involved malicious ads on search engines such as Google and Bing in an effort to lure users to fake bank websites.

These phishing sites tricked victims into handing over their login credentials, which the cybercriminals could then use to access and drain their bank accounts.

The FBI has identified nearly 20 victims in the US, including two companies, and has determined that the cybercriminals attempted to steal roughly $28 million, with the actual losses estimated at approximately $14.6 million.

Estonian ...