Dutch authorities have arrested the alleged administrator of AVCheck, a cybercrime service used by malware developers to test their malicious software against antivirus detection. The platform enabled criminals to improve malware, helping it evade security defenses before being deployed in real-world attacks.
AVCheck was taken offline in May 2024 by a joint effort of Dutch police and Finnish authorities as part of Operation Endgame, a large-scale international law enforcement campaign targeting cybercrime infrastructure.
The operation disrupted several major malware networks, including the DanaBot botnet and the Lumma Stealer information-stealing malware. Investigators say intelligence obtained during the takedown led to a separate inquiry into the suspected AVCheck operator and two Amsterdam-based companies linked to him.
The suspect, a 33-year-old Dutch citizen, was arrested Sunday evening at Schiphol Airport after returning from the United Arab Emirates.
According to the National Public Prosecutor’s Office (LP), the man and his companies are suspected of facilitating cybercrime by allowing malware developers to test whether their software could bypass antivirus protections. Authorities also revealed that the suspect had previously deregistered from the Netherlands and moved to the UAE.
Law enforcement has seized multiple data storage devices belonging to the suspect, which are currently being examined as part of the ongoing investigation.