Police detains Smokeloader malware customers, seizes servers

In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet’s customers and detained at least five individuals. During Operation Endgame last year, more than 100 servers used by major malware loader operations (e.g. IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, SystemBC) were seized. In a press release today, Europol informs that the operation continues as law enforcement officers analyze the data from the seized servers and are tracking down customers of the malicious businesses. The agency did not provide any details about the detained individuals, and says that the investigation also led to interrogations and server takedowns. According to the investigators, Smokeloader was run by a threat actor using the alias ‘Superstar,’ who provided the botnet as a pay-per-install service that permitted customers access to the victims’ machines. “In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the act ... Read full article.