Police take down three cybercrime operations in latest round of ‘whack-a-mole’

An international coalition of law enforcement agencies coordinated by Europol targeted and took down three major cybercrime operations in its latest action, known as Operation Endgame. Authorities stated that the police operation focused on the infostealing malware Rhadamanthys, a botnet called Elysium, and the remote access trojan known as VenomRAT. All three were described as playing a key role in international cybercrime.

As part of the operation, police seized more than one thousand servers. Europol also announced the arrest of the main suspect behind VenomRAT in Greece on November third. The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials. Many victims were reportedly unaware that their systems had been infected.

According to Europol, the main suspect behind Rhadamanthys had access to over one hundred thousand cryptocurrency wallets, potentially worth millions of euros. Rhadamanthys is an infostealer designed to steal information from infected devices, including passwords and cryptocurrency wallet keys.

Rhadamanthys saw a spike in popularity in October, following the earlier takedown of the popular infostealer Lumma. This demonstrates how criminals adapt after law enforcement actions by shifting to different, lesser-known hacking tools. When Rhadamanthys launched in 2022, it initially spread through malicious Google advertisements and later grew via word of mouth on underground forums, according to Lumen’s Black Lotus Labs, a cybersecurity partner in Operation Endgame.

The firm reported that Rhadamanthys experienced a dramatic uptick and a consistent rise in victims after the Lumma takedown, making it the largest information-stealing malware by volume. By October, the infostealer had compromised more than twelve thousand victims.

A researcher at Black Lotus Labs, Ryan English, stated that Rhadamanthys emerged as the next go-to infostealer after Lumma was taken down. He noted that while others will inevitably take their place, law enforcement and the industry continue to track emerging threats. English described the ongoing battle against cybercrime as a perpetual game of whack-a-mole.