- Europol disrupts Rhadamanthys, VenomRAT and Elysium, seizes servers, domains and arrests a suspect
- The malware infrastructure housed millions of stolen credentials and over 100,000 crypto wallets
- Operation Endgame previously dismantled major malware networks, although some like DanaBot have re-emerged
Europol has launched the latest phase of its Operation Endgame, which seeks to disrupt the activities of some of the largest malware operations active today.
A press release published on Europol’s website claims that between November 10 and 13, its agents, along with national law enforcement agencies from a handful of European countries, disrupted Rhadamanthys, VenomRAT and Elysium.
The activities resulted in more than 1,000 servers being taken down or disrupted, 20 domains being seized and 11 locations being raided (one each in Germany and Greece, and nine in the Netherlands). In addition, one person suspected of operating VenomRAT was arrested.
Europol’s activities
The dismantled malware infrastructure consisted of “hundreds of thousands of infected computers containing several million stolen credentials,” Europol explained.
Many of the victims were unaware they had been targeted, it added, saying the prime suspect behind the infostealer had access to “over 100,000 crypto wallets” potentially worth millions.
News of the operation only emerged two days ago, when independent security researchers saw Rhadamanthys’ users being locked out of the platform. These users, as well as the malware’s operators, blamed the German authorities for the disruption and encouraged their users to cover their tracks.
Operation Endgame’s last activity was in May 2025, when Europol and Eurojust dismantled a ransomware kill chain. In that operation, the police seized around 300 servers, took down 650 domains and issued international arrest warrants for 20 people. The police also seized 3.5 million euros in various cryptocurrencies.
Disrupting malware operations is commendable, but without arrests, it’s only a matter of time before they resurface. DanaBot, one of the operations taken down in May, resurfaced six months later with rebuilt infrastructure and new cryptocurrency wallets to retrieve stolen funds.
Other backdoor, malware, and loader operations disrupted through Operation Endgame include IcedID, Smokeloader, Qakbot, and Trickbot.
Via Information security Magazine



