Algerian Man Extradited to US for Running Cybercrime Marketplaces

Summary

Abdellah Belmili, an Algerian national, has been extradited to the US to face charges for allegedly operating two cybercrime marketplaces, Market0Day and Spoxy. These platforms facilitated the sale of phishing kits and bulk SMS services for mass phishing campaigns. Belmili is accused of defrauding multiple financial institutions and impacting thousands of victims, with approximately $900,000 deposited into his controlled account.

Full text

Abdellah Belmili, a 26-year-old Algerian national, was recently arrested in Spain and extradited to the United States, where he faces up to 30 years in prison for allegedly running two cybercrime marketplaces. According to the US Justice Department, Belmili, also known as Dila Belmili and Spox, was the administrator of a cybercrime marketplace called Market0Day between September and December 2020. Authorities said Spox was known for developing phishing kits targeting major American financial institutions. The US investigators who targeted the Market0Day website successfully purchased a JPMorgan Chase phishing kit and access to a compromised email server in December 2020. Shortly after, Spox announced that he was no longer the administrator of Market0Day and instead had created a new marketplace named Spoxy, where cybercriminals could acquire ‘bulk SMS’ services, which enabled them to conduct mass phishing and other campaigns through text messages. “During the course of the conspiracy, Belmili is accused of defrauding multiple institutions, including American Express, Bank of America, JPMorgan Chase, and Wells Fargo, as well as financial institutions in the United Kingdom,” the Justice Department said. Advertisement. Scroll to continue reading. It added, “Between January 2020 and January 2023, approximately $900,000 was deposited into an account controlled by Belmili. The investigation has also identified approximately 5,600 U.S. and international victims.” Belmili is in custody after being charged with conspiracy to commit bank fraud. While the crimes allegedly committed by the Algerian national took place several years ago, the US has recently shown that it will prosecute cybercriminals long after their crimes. A Romanian man was recently extradited to the United States for his alleged role in a hacking scheme dating back 17 years. Related: Russian Initial Access Broker Behind FortiBleed Campaign Related: Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges Related: Dutch Police Dismantle Massive 17-Million-Device Botnet Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Eduard Kovacs Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User DataNew Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhonesTexas Parks & Wildlife Data Breach Affects 3 Million IndividualsCisco to Acquire WideField Security to Boost Splunk’s Agentic SOCSplunk Enterprise Vulnerability Exploited in Attacks Days After DisclosureAccenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity PushRokarolla Banking Trojan Targets 200 ApplicationsSailPoint to Acquire Entro in Reported $200 Million Deal Latest News Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel AttacksCISO Conversations: Carl Froggett – Combining CISO and CIO at Deep InstinctFFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS AppliancesOpenAI Refocuses Cybersecurity Efforts on Patching Over DiscoveryRussian Initial Access Broker Behind FortiBleed CampaignCanadian Electricity Provider London Hydro Discloses Data BreachTrump Signs Executive Order Accelerating Post-Quantum Cryptography Migration Xsolis Data Breach Affects 1.4 Million Individuals Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: How Modern Breaches Bypass MFA and Evade Detection June 17, 2026 Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes. Register Webinar: Modern Exposure Validation in the AI Era June 24, 2026 AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program. Register People on the MoveSolarWinds has appointed Justin Henkel as Chief Information Security Officer.J. Paul Haynes has joined Cinchy as Chief Executive Officer.Hatem Naguib has become Chief Executive Officer at Sysdig.More People On The MoveExpert Insights What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George) No Exploits Required Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley) After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Everybody Is Vibe Coding But Nobody Told the Security Team AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au) The Zero-Knowledge Threat Actor and the End of Responsible Disclosure AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• domain — market0day.com
• domain — spoxy.com
• mitre_attack — T1566.001
• mitre_attack — T1566.002
• mitre_attack — T1071.001

Entities