Operation Endgame takes down over 1K servers linked to Rhadamanthys, VenomRAT, and Elysium malware

In the latest phase of Operation Endgame, Europol and law enforcement agencies from 11 countries have dismantled a vast cybercrime infrastructure responsible for spreading some of the world’s most notorious malware, including the Rhadamanthys info-stealer, the VenomRAT remote access trojan, and the Elysium botnet.

The coordinated international action resulted in one arrest in Greece, where the main suspect behind VenomRAT was taken into custody on 3 November 2025. Authorities also conducted 11 searches across Europe (one in Germany, one in Greece, and nine in the Netherlands), leading to the disruption or takedown of over 1,025 servers and the seizure of 20 domains worldwide.

The dismantled infrastructure had infected hundreds of thousands of computers globally, stealing millions of credentials from unsuspecting victims. Investigators revealed that the main suspect linked to the Rhadamanthys operation had access to more than 100,000 cryptocurrency wallets, potentially worth millions of euros.

Rhadamanthys, sold under a malware-as-a-service (MaaS) model, is designed to steal login data, authentication cookies, and sensitive information from web browsers and applications. It has been distributed through deceptive online campaigns, including fake software cracks, YouTube videos, and malicious advertisements.

Operation Endgame, one of Europe’s largest coordinated cybercrime crackdowns, has previously taken down infrastructure associated with SmokeLoader, DanaBot, IcedID, Pikabot, Trickbot, and Bumblebee.

