- Rhadamanthys infostealer disrupted; cyber criminals locked out of web panels
- Developer blames German police; Tor site offline without seizure banner
- Operation Endgame countdown hints at broader law enforcement action against MaaS
Rhadamanthy’s infostealer, one of the most popular malware-as-a-service (MaaS) offerings on the dark web, has apparently been disrupted, with many of its customers locked out.
Researchers known as g0njxa and Gi7w0rm saw several cybercriminals report problems using the tool since police gained access to their web panels.
MaaS’s developer blamed German police for the disruption, saying devices with German IP addresses logged into the web panels hosted in EU data centers just before access was revoked.
German police are to blame
However, German police have yet to confirm or deny these claims. speaks to Bleeping ComputerG0njxa said Rhadamanthys’ Tor page is also offline, but it doesn’t currently have the usual police seizure banner, so there’s still a chance this is the work of another actor.
For one user, SSH access now requires a certificate instead of the root password, which prevents entry: “If your password cannot login. Server login method has also been changed to certificate login mode, please check and confirm, if so, immediately reinstall your server, delete traces, the German police are acting,” the person allegedly wrote.
“I confirm that guests have visited my server and the password has been cleared. RootServer login became strictly certificate-based, so I had to immediately delete everything and shut down the server,” wrote another. “Those who installed it manually were probably unscathed, but those who installed it through the ‘smart panel’ were hit hard.”
At the same time, Bleeping Computer revealed the website for Operation Endgame, an ongoing police operation targeting various MaaS operations, which currently has a countdown timer set to expire in approximately 21 hours.
Operation Endgame’s last activity was in May 2025, when Europol and Eurojust dismantled a ransomware kill chain. In that operation, the police seized around 300 servers, took down 650 domains and issued international arrest warrants for 20 people. The police also seized 3.5 million euros in various cryptocurrencies.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
