- Rhadamanthys’ information thief is disturbed; cybercriminals excluded from web panels
- Developer blames German police; Tor site offline without typing banner
- Countdown to Operation Endgame hints at broader law enforcement action against MaaS
Infostealer Rhadamanthys, one of the most popular malware-as-a-service (MaaS) offerings on the dark web, has apparently been disrupted, with many of its customers locked out.
Researchers known as g0njxa and Gi7w0rm have seen several cybercriminals report problems using the tool since police gained access to their web panels.
The MaaS developer blamed German police for the disruption, saying entities with German IP addresses were connecting to web panels hosted in EU data centers just before access was revoked.
German police accused
However, German police have not yet confirmed or denied these claims. Talk to BeepComputerG0njxa said that Rhadamanthys’ Tor site is also offline, but currently doesn’t have the usual police seizure banner, so it’s still possible that it’s the work of another actor.
For a user, SSH access now requires a certificate instead of the root password, preventing entry: “If your password cannot log in. The server connection method has also been changed to certificate connection mode, please check and confirm, if so, immediately reinstall your server, clear traces, German police are taking action,” this person reportedly wrote.
“I confirm that guests visited my server and the password was removed. The connection to the root server became strictly certificate based so I had to delete everything immediately and shut down the server,” wrote another. “Those who installed it manually are likely unscathed, but those who installed it via the ‘smart panel’ were hit hard.”
At the same time, BeepComputer discovered the website for Operation Endgame, an ongoing police action targeting different MaaS operations, currently has a countdown timer, which expires in approximately 21 hours.
The last Operation Endgame activity was in May 2025, when Europol and Eurojust dismantled a ransomware kill chain. During the operation, police seized around 300 servers, removed 650 domains and issued international arrest warrants for 20 people. The police also seized 3.5 million euros in various cryptocurrencies.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
