A world coalition of legislation enforcement companies coordinated by Europol focused and took down three cybercrime operations in its newest spherical of what authorities name “Operation Endgame.”
In a press release, Europol mentioned that the police operation focused the infostealing malware Rhadamanthys, a botnet known as Elysium, and the distant entry trojan VenomRAT. The authorities say all three “performed a key position in worldwide cybercrime.” Police seized greater than 1,000 servers as a part of the operation.
Europol mentioned police arrested the unnamed “fundamental suspect” behind VenomRAT in Greece on November 3.
“The dismantled malware infrastructure consisted of lots of of 1000’s of contaminated computer systems containing a number of million stolen credentials,” the press launch learn. “Lots of the victims weren’t conscious of the an infection of their techniques.”
In keeping with Europol, the principle suspect behind Rhadamantys had entry to over 100,000 crypto wallets, “probably price thousands and thousands of euros.”
As an infostealer, Rhadamantys is designed to steal varied varieties of data from contaminated gadgets, together with passwords and cryptocurrency pockets keys. Rhadamantys spiked in reputation in October after authorities took down the popular infostealer Lumma earlier within the 12 months, displaying that after takedowns, criminals adapt by utilizing completely different hacking instruments that is perhaps much less recognized on the time.
When Rhadamantys launched in 2022, it initially relied on spreading by malicious Google commercials, and later grew due to word-of-mouth on underground boards, in response to Lumen’s Black Lotus Labs, one of many cybersecurity business companions in Operation Endgame.
Techcrunch occasion
San Francisco
|
October 13-15, 2026
The agency wrote in a blog post that Rhadamantys had a “dramatic uptick” and a “constant rise within the variety of victims” after the Lumma takedown, making it “the biggest information-stealer malware by quantity.” In October, the infostealer had compromised greater than 12,000 victims, in response to the agency.
Ryan English, a researcher at Black Lotus Labs, informed TechCrunch that Rhadamantys “emerged because the ‘subsequent’ go-to infostealer” after Lumma went down.
“We all know that others will take their place, so we simply hold monitoring to see who’s rising from that,” mentioned English, including that legislation enforcement and the broader business “can solely accomplish that a lot at any time.”
“So in a really actual sense, it’s whack-a-mole eternally,” mentioned English.
