Austin Feds Haul In Armenian Suspect In International Password‑Stealing Malwar

Hoodline

Mar 25 2026

By Sophie Leclerc

An Armenian national has been flown into the federal courthouse spotlight in Austin, where prosecutors say the defendant played a role in an international information‑stealing malware operation that helped cybercriminals loot victims’ digital lives. According to federal authorities, the scheme leaned on so‑called “infostealer” programs that swipe saved passwords, browser cookies and cryptocurrency keys from infected devices, with investigators stressing that the case spans borders and agencies.

According to a post by the U.S. Attorney’s Office for the Western District of Texas, the defendant was extradited to the United States and has now made an initial appearance on federal charges in Austin. The March 25 post credits a long list of partners, including the FBI’s San Antonio field office, the Naval Criminal Investigative Service, IRS Criminal Investigation, the Army Criminal Investigation Division and the Department of Defense inspector general. Prosecutors have not yet released a full charging instrument to the public and referred additional questions back to the U.S. Attorney’s Office.

How infostealers work

Info‑stealing malware is built to lurk quietly in the background while it lifts login credentials, device fingerprints and session cookies that can let criminals slip into accounts without ever touching a password prompt. The Department of Justice has described these tools and the online markets that sell their output as a lucrative foundation for identity theft and financial fraud, and has used court‑authorized domain seizures to knock out the web infrastructure that keeps them running, according to the Department of Justice.

Previous Austin prosecutions show the scale

This is not Austin’s first brush with major infostealer cases. The Western District of Texas has previously gone after operators tied to the Raccoon Infostealer, which prosecutors said was sold as a malware‑as‑a‑service product that powered widespread credential theft. In that case, the U.S. Attorney’s Office reported that the software “was responsible for compromising more than 52 million user credentials,” and defendants faced charges including conspiracy to commit computer intrusion, money laundering, wire fraud and aggravated identity theft, as detailed by the U.S. Attorney’s Office for the Western District of Texas. Investigators in Austin worked alongside FBI cyber teams and other federal partners to bring that matter into court.

What’s next in Austin

The newly arrived case will move forward in federal court in Austin, where prosecutors may seek an indictment, and the defendant will go through pretrial hearings and motion practice. If the charges track with past infostealer prosecutions, defendants in similar cases can face lengthy prison terms, orders to pay restitution, and exposure to asset forfeiture under federal computer intrusion and fraud statutes.

Victim resources and how to respond

Anyone who suspects their accounts or devices were compromised in an information‑stealing malware attack is urged to file a report with the FBI’s Internet Crime Complaint Center and to review federal victim‑assistance resources. Submitting a complaint through the Internet Crime Complaint Center helps investigators map the scope of stolen credentials and related fraud and can support ongoing and future prosecutions.

How infostealers work

Info‑stealing malware is built to lurk quietly in the background while it lifts login credentials, device fingerprints and session cookies that can let criminals slip into accounts without ever touching a password prompt. The Department of Justice has described these tools and the online markets that sell their output as a lucrative foundation for identity theft and financial fraud, and has used court‑authorized domain seizures to knock out the web infrastructure that keeps them running, according to the Department of Justice.

Previous Austin prosecutions show the scale

This is not Austin’s first brush with major infostealer cases. The Western District of Texas has previously gone after operators tied to the Raccoon Infostealer, which prosecutors said was sold as a malware‑as‑a‑service product that powered widespread credential theft. In that case, the U.S. Attorney’s Office reported that the software “was responsible for compromising more than 52 million user credentials,” and defendants faced charges including conspiracy to commit computer intrusion, money laundering, wire fraud and aggravated identity theft, as detailed by the U.S. Attorney’s Office for the Western District of Texas. Investigators in Austin worked alongside FBI cyber teams and other federal partners to bring that matter into court.

What’s next in Austin

The newly arrived case will move forward in federal court in Austin, where prosecutors may seek an indictment, and the defendant will go through pretrial hearings and motion practice. If the charges track with past infostealer prosecutions, defendants in similar cases can face lengthy prison terms, orders to pay restitution, and exposure to asset forfeiture under federal computer intrusion and fraud statutes.

Victim resources and how to respond

Anyone who suspects their accounts or devices were compromised in an information‑stealing malware attack is urged to file a report with the FBI’s Internet Crime Complaint Center and to review federal victim‑assistance resources. Submitting a complaint through the Internet Crime Complaint Center helps investigators map the scope of stolen credentials and related fraud and can support ongoing and future prosecutions.