Europol Dismantles Major Cyber Network Linked to Stolen Crypto Wallets

European authorities have dismantled a large cybercrime infrastructure as part of Europol’s ongoing Operation Endgame, an effort targeting malware systems that have compromised hundreds of thousands of computers worldwide. Greek police confirmed the arrest of a thirty-eight-year-old Albanian national in Athens earlier this month, identifying him as the alleged creator and distributor of the remote access malware known as VenomRAT. The individual was detained under a European arrest warrant issued by France following investigations that connected him to large-scale credential theft operations conducted across multiple jurisdictions. Europol reported that the dismantled malware network contained millions of stolen credentials obtained from infected computers, many belonging to victims who were unaware that their systems had been compromised. In its latest update, Europol stated that one thousand and twenty-five servers were taken offline or disrupted across ten countries, including the United States, and twenty domains were seized in a coordinated effort designed to limit the spread of malicious tools associated with information theft and unauthorized remote access.

Authorities said the infrastructure supported several forms of malware, including Rhadamanthys, Elysium botnet activity, and VenomRAT. These systems were designed to collect sensitive information through keystroke recording, remote camera activation, text infiltration, and cryptocurrency wallet extraction. Greek police noted that the suspect had gained access to more than one hundred thousand crypto wallets, potentially holding assets worth millions of euros, according to Europol assessments. Pricing for the malware ranged from one hundred fifty euros per month to more than fifteen hundred euros annually, reflecting a subscription-based model commonly used in cybercrime networks. During the search of the suspect’s residence, authorities recovered versions of the malware’s source code, documents linking him to websites promoting illicit tools, suspicious emails, and records of cryptocurrency accounts. Additional materials included seven hard drives, three USB storage devices, and a digital wallet containing one hundred forty thousand dollars’ worth of digital assets. Investigators said these findings provided evidence of long-running activity involving the sale, maintenance, and distribution of the malware to users across several countries.

Greek officials reported that the digital infrastructure supporting the malware operations was hosted on servers belonging to a company based in France, prompting additional inquiries by French and United States authorities. The scale of the investigation highlights the level of interagency cooperation required to disrupt criminal systems that operate across borders and exploit decentralized payment and data channels. Operation Endgame continues to target coordinated malware groups that employ complex distribution techniques to obtain financial and personal information from unwitting users. The current phase illustrates how cybercrime networks increasingly intersect with cryptocurrency environments due to the value stored in digital wallets and the speed at which compromised credentials can be monetized. Authorities emphasized that additional inquiries are underway as forensic analysis progresses, with the findings expected to support further actions aimed at reducing the operational capacity of malware developers and ensuring stronger protections for users vulnerable to credential theft and unauthorized system access.
