An alleged operator of the SmokeLoader malware is now facing federal hacking charges in Vermont after accusations that he stole personal information on more than 65,000 people. Nicholas Moses initially had charges filed in North Carolina this week, but the case was transferred to federal prosecutors in Vermont on Wednesday.

From at least January 2022 to May 2023, Moses allegedly maintained a command and control server located in the Netherlands to deploy the SmokeLoader malware and receive stolen data from victim computers. "Moses deployed the malware as a means to harvest personal information and passwords from victims without the knowledge of the owners of the victim computers," prosecutors said.

Moses claimed he had acquired "over half a million stealer logs" and that he sold stolen victim credentials and passwords for about $1 to $5 each, prosecutors said. Moses also shared a screenshot of the SmokeLoader interface which showed a database of 619,763 files containing stolen victim data.

Last week, officials from Europol announced follow-up actions to a massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Bumblebee and SmokeLoader. Multiple law enforcement agencies in Canada, Denmark, the Czech Republic, France, Germany, the Netherlands and the U.S. followed the leads uncovered in Operation Endgame to link online personas and their usernames to real-life individuals.

SmokeLoader is a complex malware strain primarily functioning as a loader, which downloads stealthier or more effective malicious software into the system. However, because of its modular design, SmokeLoader can perform a wide range of functions, including stealing credentials, executing distributed denial-of-service (DDoS) attacks and intercepting keystrokes.

This Cyber News was published on therecord.media. Publication date: Fri, 18 Apr 2025 16:35:16 +0000