Police take down three cybercrime operations in latest round of ‘whack-a-mole’
Europol dismantles three major cybercrime operations (Rhadamanthys, Elysium, and VenomRAT), seizing 1,000 servers and arresting key suspects in global Operation Endgame.
Europol Shuts Down Global Cybercrime Networks in Operation Endgame, Arrests VenomRAT Suspect
An international coalition of law enforcement agencies, coordinated by Europol, has successfully dismantled three primary cybercrime operations — marking another milestone in its ongoing anti-malware campaign, known as Operation Endgame.
In a statement released this week, Europol confirmed the takedown of three notorious malware infrastructures:
- Rhadamanthys is an infostealing malware used to steal passwords and cryptocurrency keys.
- Elysium is a large-scale botnet used to hijack devices and launch coordinated attacks.
- VenomRAT is a remote access trojan (RAT) used by hackers to control infected systems remotely.
Authorities seized over 1,000 servers worldwide and arrested multiple individuals — including the main suspect behind VenomRAT, who was apprehended in Greece on November 3.
Millions of Victims and Stolen Credentials
According to Europol, the dismantled infrastructure included hundreds of thousands of infected computers and contained millions of stolen credentials from unsuspecting users.
The agency added that the primary suspect behind Rhadamanthys had access to over 100,000 cryptocurrency wallets, potentially worth millions of euros.
“Many victims were unaware that their systems had been compromised,” Europol said in its press release.
How Rhadamanthys Rose to Power
Rhadamanthys, which surfaced in 2022, is designed to steal sensitive data, including passwords, browser cookies, and cryptocurrency wallet keys. It initially spread through malicious Google ads before gaining traction via underground cybercrime forums.
After the shutdown of the Lumma infostealer earlier this year, Rhadamanthys quickly became the most widely used information-stealer malware, according to Lumen’s Black Lotus Labs, a cybersecurity firm that collaborated with Europol on Operation Endgame.
Black Lotus Labs reported a “dramatic uptick” in Rhadamanthys infections, noting that the malware had compromised more than 12,000 victims by October 2025.
Experts: “It’s Whack-a-Mole Forever”
Ryan English, a researcher at Black Lotus Labs, told TechCrunch that Rhadamanthys filled the void left by Lumma’s takedown.
“Rhadamanthys emerged as the ‘next’ go-to infostealer,” he said. “We know that others will take their place, so we just keep tracking to see who’s emerging from that.”
English added that while law enforcement operations like Endgame are vital, the fight against cybercrime is ongoing.
“In a very real sense, it’s whack-a-mole forever,” he said.
A Global Effort Against Malware Networks
Operation Endgame is one of the most significant multinational cybersecurity initiatives ever coordinated by Europol, involving dozens of law enforcement agencies and cybersecurity firms.
Its ongoing mission is to dismantle malware networks, identify key operators, and neutralise botnets before they can re-emerge under new names.
This latest round of takedowns demonstrates that even as cybercriminals shift tactics, global cooperation between law enforcement and private industry remains a powerful countermeasure.