Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025.
In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar’, faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks’. Superstar used his botnet to run a pay-per-install service, enabling customers to gain access to victims’ machines. Customers used the service to deploy malware for their own criminal activities. Investigations revealed that botnet access was purchased for a range of purposes, including keylogging, webcam access, ransomware deployment, cryptomining and more.
Source: Europol
