Algerian Man Extradited to US for Running Cybercrime Marketplaces Market0Day and Spoxy
Abdellah Belmili, a 26-year-old Algerian national, has been extradited to the US for allegedly operating the cybercrime marketplaces Market0Day and Spoxy, which sold phishing kits and bulk SMS services targeting major financial institutions.
Abdellah Belmili, a 26-year-old Algerian national, was recently arrested in Spain and extradited to the United States, where he faces up to 30 years in prison for allegedly running two cybercrime marketplaces. According to the US Justice Department, Belmili, also known as Dila Belmili and Spox, was the administrator of a cybercrime marketplace called Market0Day between September and December 2020. Authorities said Spox was known for developing phishing kits targeting major American financial institutions.
The US investigators who targeted the Market0Day website successfully purchased a JPMorgan Chase phishing kit and access to a compromised email server in December 2020. Shortly after, Spox announced that he was no longer the administrator of Market0Day and instead had created a new marketplace named Spoxy, where cybercriminals could acquire 'bulk SMS' services, which enabled them to conduct mass phishing and other campaigns through text messages.
“During the course of the conspiracy, Belmili is accused of defrauding multiple institutions, including American Express, Bank of America, JPMorgan Chase, and Wells Fargo, as well as financial institutions in the United Kingdom,” the Justice Department said. It added, “Between January 2020 and January 2023, approximately $900,000 was deposited into an account controlled by Belmili. The investigation has also identified approximately 5,600 U.S. and international victims.”
Belmili is in custody after being charged with conspiracy to commit bank fraud. While the crimes allegedly committed by the Algerian national took place several years ago, the US has recently shown that it will prosecute cybercriminals long after their crimes. A Romanian man was recently extradited to the United States for his alleged role in a hacking scheme dating back 17 years.
The case highlights the persistent threat of underground marketplaces that enable a wide range of cybercrime, from credential theft to mass phishing. Market0Day and Spoxy provided a one-stop shop for criminals to acquire tools and services, lowering the barrier to entry for launching attacks against financial institutions and their customers. The extradition of Belmili demonstrates international law enforcement cooperation in dismantling these illicit platforms.
This development comes amid a broader crackdown on cybercrime marketplaces. In related news, Dutch police recently dismantled a massive 17-million-device botnet, and a Ukrainian man pleaded guilty in the US to Conti ransomware charges. The Justice Department's pursuit of Belmili, even years after the alleged offenses, sends a clear message that cybercriminals cannot escape accountability through time or distance.
Court documents unsealed with the arraignment reveal that Belmili embedded his full name, 'Dila Belmili,' directly into the source code of his phishing kits, and built hidden backdoors into kits he sold to other criminals to continue harvesting victim data after the kits changed hands. Investigators identified approximately 595 distinct phishing kits tied to 5,600 victims, and traced roughly $900,000 in Bitcoin deposits through his Binance account between 2020 and 2023. The FBI also found that Belmili used the stolen identity of a 77-year-old Texas resident to register his second marketplace, spoxy.us.