Three "high-profile internet fraud suspects" are detained by Nigerian authorities. They are accused of participating in phishing attacks directed at large corporations. Okitipi Samuel, aka Moses Felix, is the primary suspect.

The primary developer of the RaccoonO365 phishing-as-a-service (PhaaS) program is Samuel. The two other arrested individuals have no connection to the creation or operation of the PhaaS service, per the NPF. Following raids in the states of Lagos and Edo, the arrests were made.

The development comes as Google filed a lawsuit against the operators of the Darcula service. Google is seeking a court order to seize the group's server infrastructure that has been behind a massive smishing wave impersonating U.S. government entities.

The company is also suing China-based hackers associated with another PhAAS service called Lighthouse, which is thought to have affected more than a million users in 120 countries. The tech behemoth claimed in September 2025 that it collaborated with Cloudflare to take control of 338 domains that RaccoOnO365 was using. Since July 2024, at least 5,000 Microsoft credentials from 94 countries are thought to have been stolen thanks to the phishing infrastructure linked to the toolkit.

Joshua Ogundipe was named in the lawsuit as the operation's mastermind. It's unclear where he is right now. A Microsoft representative told The Hacker News that investigations are still ongoing when contacted for comment.

NBC News first covered the case on December 17,

2025.

In the near future, an out-of-court settlement is anticipated. Return to Mail Online. return to the original page.

According to the original article, Microsoft was using Storm-2246 to track the threat actor. We are pleased to make it clear that this is untrue.