Europol shuts down malware dropper ring linked to at least $75M in stolen crypto

General

In
a
coordinated
effort
spanning
multiple
countries,
Europol
has
carried
out

Operation
Endgame,
a
large-scale
crackdown
on
the
malware
dropper
ecosystem.
The
operation,
led
by
France,
Germany,
and
the
Netherlands,
was
conducted
between
May
27
and
29,
2024,
and
targeted
various
malware
droppers,
including
IcedID,
SystemBC,
Pikabot,
Smokeloader,
Bumblebee,
and
Trickbot.

Investigations
revealed
that
one
of
the
main
suspects
had
earned
at
least
€69
million
($75
million)
in
crypto
by
renting
out
criminal
infrastructure
sites
to
deploy
ransomware.
Law
enforcement
agencies
are
closely
monitoring
the
suspect’s
transactions
and
have
obtained
legal
permission
to
seize
these
assets
in
future
actions.
The
press
release
from
Europol
did
not
mention
any
specific
crypto
or
platform
used
in
the
transactions.

Malware
droppers
play
a
critical
role
in
the
deployment
of
harmful
software,
such
as
viruses,
ransomware,
and
spyware.
These
droppers
allow
cybercriminals
to
bypass
security
measures
and
install
malicious
payloads
on
targeted
systems.
Although
droppers
themselves
may
not
cause
direct
damage,
they
facilitate
the
infiltration
and
execution
of
other
malware.

During
the
operation,
law
enforcement
agencies
made
progress
with
disrupting
the
malware
ecosystem.
Four
individuals
were
arrested,
with
one
suspect
in
Armenia
and
three
in
Ukraine.
Additionally,
16
location
searches
were
conducted
across
Armenia,
the
Netherlands,
Portugal,
and
Ukraine.
Over
100
servers
were
taken
down
or
disrupted
in
several
countries,
including
Bulgaria,
Canada,
Germany,
Lithuania,
the
Netherlands,
Romania,
Switzerland,
the
United
Kingdom,
the
United
States,
and
Ukraine.
Authorities
also
seized
control
of
over
2,000
domains.

Europol
played
a
vital
role
in
facilitating
the
operation
by
providing
analytical,
onchain
tracing
for
crypto
transactions,
and
forensic
support
to
the
investigation.
The
agency
organized
numerous
coordination
calls
and
hosted
an
operational
sprint
at
its
headquarters,
involving
law
enforcement
officers
from
various
countries.

The
information
on
or
accessed
through
this
website
is
obtained
from
independent
sources
we
believe
to
be
accurate
and
reliable,
but
Decentral
Media,
Inc.
makes
no
representation
or
warranty
as
to
the
timeliness,
completeness,
or
accuracy
of
any
information
on
or
accessed
through
this
website.
Decentral
Media,
Inc.
is
not
an
investment
advisor.
We
do
not
give
personalized
investment
advice
or
other
financial
advice.
The
information
on
this
website
is
subject
to
change
without
notice.
Some
or
all
of
the
information
on
this
website
may
become
outdated,
or
it
may
be
or
become
incomplete
or
inaccurate.
We
may,
but
are
not
obligated
to,
update
any
outdated,
incomplete,
or
inaccurate
information.

Crypto
Briefing
may
augment
articles
with
AI-generated
content
created
by
Crypto
Briefing’s
own
proprietary
AI
platform.
We
use
AI
as
a
tool
to
deliver
fast,
valuable
and
actionable
information
without
losing
the
insight
–
and
oversight
–
of
experienced
crypto
natives.
All
AI
augmented
content
is
carefully
reviewed,
including
for
factural
accuracy,
by
our
editors
and
writers,
and
always
draws
from
multiple
primary
and
secondary
sources
when
available
to
create
our
stories
and
articles.

You
should
never
make
an
investment
decision
on
an
ICO,
IEO,
or
other
investment
based
on
the
information
on
this
website,
and
you
should
never
interpret
or
otherwise
rely
on
any
of
the
information
on
this
website
as
investment
advice.
We
strongly
recommend
that
you
consult
a
licensed
investment
advisor
or
other
qualified
financial
professional
if
you
are
seeking
investment
advice
on
an
ICO,
IEO,
or
other
investment.
We
do
not
accept
compensation
in
any
form
for
analyzing
or
reporting
on
any
ICO,
IEO,
cryptocurrency,
currency,
tokenized
sales,
securities,
or
commodities.

See

full
terms
and
conditions.