@cyberscoop.com
An international law enforcement operation, dubbed Operation Endgame, has successfully taken down AVCheck, a notorious service used by cybercriminals to test their malware against antivirus software. The coordinated effort involved law enforcement agencies from multiple countries, including the US, Netherlands, and Finland. This takedown represents a significant blow to cybercriminal infrastructure, as AVCheck was one of the largest counter antivirus (CAV) services operating globally, enabling criminals to refine their malware to evade detection by security software. The service allowed users to upload their malware and test it against various antivirus engines, ensuring it could slip past defenses undetected.
The takedown included the seizure of the AVCheck domain (avcheck.net) along with several other related domains, including Cryptor.biz, Cryptor.live, Crypt.guru, and Getcrypt.shop, which provided "malware crypting" services. These crypting services were closely linked to AVCheck's administrators and helped malware authors obfuscate their code, further enhancing its ability to bypass antivirus detection. Authorities made undercover purchases from seized websites and analyzed the services, confirming they were designed for cybercrime. Court documents also allege authorities reviewed linked email addresses and other data connecting the services to known ransomware groups that have targeted victims both in the United States and abroad.
The Dutch police played a crucial role in the operation, even setting up a fake login page on AVCheck prior to the takedown. This fake page warned users about the legal risks associated with using the service and collected data on those attempting to log in. This tactic allowed law enforcement to gather valuable intelligence on the users of AVCheck and potentially deter them from engaging in further cybercriminal activities. Authorities have highlighted the importance of international cooperation in combating cybercrime, emphasizing the need to target not just individual cybercriminals but also the services and infrastructure that enable their malicious activities.