An international coalition of law enforcement agencies coordinated by Europol has taken down three major cybercrime operations, targeting the infostealing malware Rhadamanthys, the Elysium botnet and the remote access trojan VenomRAT. Europol said the dismantling was part of its ongoing “Operation Endgame,” which focuses on disrupting criminal infrastructure used across global cyberattacks.
Authorities seized more than 1,000 servers during the coordinated action. Europol said the malware systems taken down involved “hundreds of thousands” of compromised computers storing several million stolen credentials. Many victims were unaware their devices had been infected. Police also arrested the unnamed “main suspect” accused of operating VenomRAT in Greece on 3 November.
Europol said the main suspect behind Rhadamanthys had access to over 100,000 cryptocurrency wallets “potentially worth millions of euros.” Rhadamanthys is designed to steal passwords, crypto wallet keys and other sensitive information from infected devices. The malware gained traction after authorities disrupted the popular infostealer Lumma earlier this year, illustrating how cybercriminals shift to lesser-known tools after law enforcement takedowns.
Rhadamanthys launched in 2022 and initially spread via malicious Google ads before gaining momentum through underground forum discussions, according to Black Lotus Labs, a partner in Operation Endgame. The firm said the malware saw a “dramatic uptick” in use after Lumma’s removal, describing it as the largest information-stealing malware by volume. By October, Black Lotus Labs estimated that Rhadamanthys had infected more than 12,000 victims.
Ryan English, a researcher at Black Lotus Labs, told TechCrunch that Rhadamanthys quickly became the “next go-to infostealer” following Lumma’s takedown. He said new threats will continue to emerge as others fall, adding that law enforcement and industry partners “can only do so much at any time.”
Featured image credits: Freepik
For more stories like it, click the +Follow button at the top of this page to follow us.