Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025.
In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar’, faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks’. Superstar used his botnet to run a pay-per-install service, enabling customers to gain access to victims’ machines. Customers used the service to deploy malware for their own criminal activities. Investigations revealed that botnet access was purchased for a range of purposes, including keylogging, webcam access, ransomware deployment, cryptomining and more.
Read more…
Source: Europol
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- UK: The Princess of Wales’s hospital data breach not referred to police due to suspected ‘decoy’ plan
June 3, 2024
The Princess of Wales’s hospital data breach has not been referred to police as an expert explains that a “decoy” plan could have been in use – meaning her actual medical files were not accessed by the perpetrators. Despite Health Minister Maria Caulfield revealing back in March that the police had been asked to look into ...
- Europol: Largest ever operation against botnets hits dropper malware ecosystem
May 30, 2024
Between 27 and 29 May 2024 Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including, IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, whose ...
- Northern Ireland: Disabled former police officers to receive damages for alleged data breach
May 30, 2024
Disabled former policemen and women in Northern Ireland are to receive undisclosed damages for an alleged data breach, their lawyer revealed today. Financial settlements were reached in legal action against the Charity Commission for Northern Ireland. Proceedings related to an investigation by the Commission into the workings of the Disabled Police Officers’ Association back in 2014. ...
- Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap?
May 29, 2024
Notorious data leak site BreachForums appears to be back online after it was seized by law enforcement a few weeks ago. At least one of BreachForums domains and its dark web site are live again. However, questions have been raised over whether it is a genuine attempt to revive the forums once again or set up ...
- Guidance on the 911 S5 Residential Proxy Service
May 29, 2024
The Federal Bureau of Investigation (FBI), Defense Criminal Investigative Services (DCIS), and Department of Commerce (DOC) are publishing this announcement to notify the public of the dismantlement of the 911 S5 residential proxy service and to help individuals and businesses better understand and guard against 911 S5 proxy service and botnet. 911 S5 began operating in ...
- 23-year-old man accused of running $100 million online narcotics marketplace
May 21, 2024
Federal authorities have arrested a 23-year-old Taiwanese national and charged him with running an online market that sold $100 million worth of illicit narcotics, including fentanyl, cocaine, methamphetamine, heroin, LSD, and ketamine. The authorities said that for almost four years, Rui-Siang Lin operated and owned the Incognito Market, an online marketplace on the dark web that ...