Nigerian authorities, aided by international partners, arrested a developer connected to RaccoonO365, a phishing‑as‑a‑service toolkit that cloned Microsoft 365 login pages and stole credentials. The takedown follows domain seizures and investigations that linked the toolkit to widespread credential theft and business email compromise.

News4Hackers reports that Nigerian law enforcement, in coordination with international partners and following prior domain seizures, arrested a developer associated with RaccoonO365, a commercial phishing‑as‑a‑service platform. The toolkit enabled operators to spin up counterfeit Microsoft 365 login pages, distribute phishing URLs via Telegram and other channels, and harvest thousands of credentials globally. Investigations tied the toolkit to cascading harms including business‑email compromise, account takeover, and downstream financial fraud affecting organizations and individuals. The arrest focused on an operator who designed and sold phishing infrastructure and managed distribution channels; authorities portrayed it as part of broader efforts to disrupt PhaaS ecosystems. The News4Hackers piece places the action in the context of recent cooperative enforcement that combines domain seizures, takedown requests to hosting providers, and platform intelligence from major tech firms. Analysts quoted in the report warn that despite arrests, similar toolkits can reappear quickly unless takedowns are paired with sustained platform controls, tougher marketplace enforcement, and international legal cooperation to dismantle the monetization chains supporting phishing services.