- Europol disrupts Rhadamanthys, VenomRAT and Elysium, seizing servers and domains and arresting a suspect.
- The malware infrastructure held millions of stolen credentials and over 100,000 crypto wallets.
- Operation Endgame has already taken down major malware networks, although some, like DanaBot, have resurfaced.
Europol has launched the latest phase of its Operation Endgame, aimed at disrupting the activities of some of the largest malware operations active today.
A press release published on Europol’s website claims that between November 10 and 13, its agents, along with national law enforcement from a handful of European countries, disrupted Rhadamanthys, VenomRAT and Elysium.
The activities resulted in the shutdown or disruption of more than 1,000 servers, the seizure of 20 domains and the search of 11 sites (one each in Germany and Greece and nine in the Netherlands). Additionally, one person was arrested on suspicion of operating VenomRAT.
Europol’s activities
The dismantled malware infrastructure consisted of “hundreds of thousands of infected computers containing several million stolen credentials,” Europol said.
Many victims were unaware they were being targeted, Europol added, saying the main suspect behind the information stealer had access to “over 100,000 crypto wallets” potentially worth millions.
News of the operation first surfaced two days ago, when independent security researchers found that Rhadamanthys users were being locked out of the platform. These users, along with the malware’s operators, blamed German authorities for the disruption and urged their users to cover their tracks.
The last Operation Endgame activity was in May 2025, when Europol and Eurojust dismantled a ransomware kill chain. During the operation, police seized around 300 servers, removed 650 domains and issued international arrest warrants for 20 people. The police also seized 3.5 million euros in various cryptocurrencies.
Disrupting malware operations is commendable, but without arrests, it’s only a matter of time before they resurface. DanaBot, one of the operations shut down in May, resurfaced six months later with rebuilt infrastructure and new cryptocurrency wallets for siphoning stolen funds.
Other backdoor, malware, and loader operations that were disrupted by Operation Endgame include IcedID, Smokeloader, Qakbot, and Trickbot.
Via Infosecurity Magazine




