"The malware's administrator told customers to down tools "for safety reasons" on November 11, hours before the operation's onion site went dark. In typical Operation Endgame fashion, officials released a smug animated video hinting at intelligence gathered during the operation. The video depicts a lone administrator allegedly skimming the most valuable secrets and cryptocurrency keys for personal gain, passing only less lucrative data to customers - a tactic designed to undermine trust within criminal organizations."
"According to the Shadowserver Foundation, which assisted in the enforcement action, officials accessed a Rhadamanthys database revealing more than 525,000 infections between March and November 2025 across 226 countries, collecting over 86 million individual records. "The main suspect behind the infostealer had access to over 100,000 crypto wallets belonging to these victims, potentially worth millions of euros," the Operation Endgame team said in a statement."
International law enforcement seized 1,025 servers tied to the Rhadamanthys infostealer in coordinated raids from November 10–13 under Operation Endgame led by Europol and Eurojust. The takedown impacted hundreds of thousands of infected computers and several million stolen credentials. Many victims were not aware of infections. The malware administrator told customers to stop "for safety reasons" shortly before the operation’s onion site went dark. Officials accessed a database showing over 525,000 infections between March and November 2025 across 226 countries and more than 86 million records. The main suspect reportedly had access to over 100,000 crypto wallets potentially worth millions of euros. Infrastructure was disrupted but suspects remain at large.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]