
Police take down three cybercrime operations in latest round of ‘whack-a-mole’


An international coalition of law enforcement agencies coordinated by Europol targeted and took down three cybercrime operations in its latest round of what authorities call “Operation Endgame.”

In a press release, Europol said that the police operation targeted the infostealing malware Rhadamanthys, a botnet called Elysium, and the remote access trojan VenomRAT. The authorities say all three “played a key role in international cybercrime.” Police seized more than 1,000 servers as part of the operation.

Europol said police arrested the unnamed “main suspect” behind VenomRAT in Greece on November 3.

“The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials,” the press release read. “Many of the victims were not aware of the infection of their systems.”

According to Europol, the main suspect behind Rhadamanthys had access to over 100,000 crypto wallets, “potentially worth millions of euros.”

As an infostealer, Rhadamanthys is designed to steal various kinds of information from infected devices, including passwords and cryptocurrency wallet keys. Rhadamanthys spiked in popularity in October after authorities took down the popular infostealer Lumma earlier in the year, showing that after takedowns, criminals adapt by using different hacking tools that might be less known at the time.

When Rhadamanthys launched in 2022, it initially relied on spreading through malicious Google advertisements, and later grew thanks to word-of-mouth on underground forums, according to Lumen’s Black Lotus Labs, one of the cybersecurity industry partners in Operation Endgame.


The firm wrote in a blog post that Rhadamanthys had a “dramatic uptick” and a “consistent rise in the number of victims” after the Lumma takedown, making it “the largest information-stealer malware by volume.” In October, the infostealer had compromised more than 12,000 victims, according to the firm.

Ryan English, a researcher at Black Lotus Labs, told TechCrunch that Rhadamanthys “emerged as the ‘next’ go-to infostealer” after Lumma went down.
