CyberSecurity news
@cyberinsider.com
Law enforcement agencies across North America and Europe have taken action against users of the Smokeloader botnet in a follow-up to Operation Endgame, a major takedown that occurred in May 2024. This new phase targets the demand side of the cybercrime economy, focusing on individuals who purchased access to compromised computers through Smokeloader’s pay-per-install service, which was operated by the cybercriminal known as "Superstar". Authorities have arrested at least five individuals, conducted house searches, and interrogated suspects linked to the use of the Smokeloader botnet. In addition to arrests, servers used by the Smokeloader botnet's customers have also been seized.
Evidence used to identify and apprehend the Smokeloader users came from backend databases obtained during the initial Operation Endgame takedown. These databases contained information about who had purchased access to the infected machines, allowing investigators to match usernames and payment information to real-world identities. The customers of the Smokeloader botnet were using the access to deploy various types of malware, including ransomware, spyware, and cryptominers for their own illicit activities. Some suspects were found to be reselling the Smokeloader access for profit, adding another layer to the investigation.
The investigation remains open, and authorities are continuing to work through leads, with more actions expected. Europol has launched a dedicated website, operation-endgame.com, to collect tips and provide updates on the operation. Law enforcement agencies are sending a clear message that they are committed to disrupting the cybercrime ecosystem by targeting not only the operators of malicious services but also the individuals who use and fund them. Officials said that the malware's customers faced consequences ranging from "knock and talks" to full house searches, all the way to arrests.
Classification:
- HashTags: #Botnet #Cybercrime #OperationEndgame
- Company: Operation Endgame
- Target: Smokeloader Customers
- Attacker: Smokeloader
- Product: Smokeloader
- Feature: law enforcement
- Malware: Smokeloader
- Type: Legal
- Severity: Legal