Pakistan Arrests: Heartsender Malware Takedown

Pakistani Authorities Arrest 21 Linked to Heartsender Malware Service

Law enforcement officials in Pakistan have apprehended 21 individuals allegedly involved in operating Heartsender, a long-standing spam and malware distribution platform.

Some of the core developers and sellers of Heartsender posing at a work outing in 2021. WeCodeSolutions boss Rameez Shahzad (in sunglasses) is in the center of this group photo, which was posted by employee Burhan Ul Haq, pictured just to the right of Shahzad.

The arrests, conducted by Pakistan’s National Cyber Crime Investigation Agency (NCCIA), followed raids in Lahore’s Bahria Town and Multan on May 15 and 16, according to a Dawn report. The suspects are accused of running Heartsender, a service that openly advertised phishing kits targeting users of Microsoft 365, Yahoo, AOL, Intuit, iCloud, and ID.me.

The NCCIA estimates that the group’s activities have led to over $50 million in losses in the United States alone, with European authorities investigating an additional 63 cases.

Heartsender’s Modus Operandi

The cybercrime service, also known as Fudpage and Fudtools, was shut down in January 2025 when the FBI and the Dutch Police seized the technical infrastructure. The term “fud” stands for “Fully Un-Detectable,” referring to resources designed to evade security tools.

“This wasn’t just a scam operation – it was essentially a cybercrime university that empowered fraudsters globally,”

The FBI has stated that transnational organized crime groups utilized these services primarily for business email compromise (BEC) schemes, deceiving companies into making payments to third parties.

Key Figures and Operational Security Lapses

Among those arrested is Rameez Shahzad, the alleged ringleader of the Heartsender operation, which most recently operated under the name WeCodeSolutions. Shahzad and his associates previously operated as The Manipulaters, a web hosting group. In 2019, The Manipulaters failed to renew their core domain name, which was then acquired by Scylla Intel, a cyber intelligence firm.

In 2024, DomainTools.com discovered that the web-hosted version of Heartsender leaked user information, including customer credentials and email records. The malware infections exposed a wealth of data, revealing the group’s membership, operations, and position within the cybercrime ecosystem.

Shahzad is also known by the alias “Saim Raza,” who has contacted media outlets requesting the removal of stories about the group. In November 2024, the Saim Raza identity claimed to have left the cybercrime industry.

The arrested suspects include Rameez Shahzad, Muhammad Aslam (Rameez’s father), Atif Hussain, Muhammad Umar Irshad, Yasir Ali, Syed Saim Ali Shah, Muhammad No.Wan, Muhammad No.Sharewan, Burhanul Haq, Adnan Munawar, Abdul Moiz, Hussnaain Haider, Bilal Ahmad, Dilbar Hussain, Muhammad Adeel Akram, Awais Rasool, Usama Farooq, Usama Mehmood and Hamad Nawaz.

Frequently Asked Questions

What is Heartsender?
Heartsender was a spam and malware distribution service used by cybercriminals to conduct phishing attacks and business email compromise (BEC) schemes.
Who was behind Heartsender?
Pakistani authorities have arrested 21 individuals allegedly involved in operating Heartsender, including the alleged ringleader, Rameez Shahzad.
What are the potential consequences of using malware?
Malware can lead to data theft, financial losses, system damage, and reputational harm for individuals and organizations.
How can I protect myself from phishing attacks?
Be cautious of suspicious emails, verify requests for personal information, use strong passwords, and keep your software up to date.