A database seized during Operation Endgame included customers registered for Smokeloader botnet services, allowing officers to track down cybercriminals by linking their online aliases to real-life individuals. In follow-up activity for Operation Endgame, law enforcement tracked down the Smokeloader botnet’s customers and detained at least five individuals.

In a press release today, Europol says that the operation continues as law enforcement officers analyze the data from the seized servers and track down customers of the malicious businesses. Furthermore, to better explain the stages of the operation, Europol published a series of animated videos depicting officers’ activity and how they are tracking down Smokeloader affiliates and customers.

During Operation Endgame last year, more than 100 servers used by major malware loader operations (e.g. IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, SystemBC) were seized.

The European Union agency encourages anyone with information about the criminal activities under investigation to contact authorities through the Operation Endgame website, which is also conveniently translated into Russian. Since Operation Endgame continues, Europol set up a dedicated website to share the latest news on the investigation of criminal activities.

According to the investigators, Smokeloader was run by a threat actor using the alias ‘Superstar,’ who provided the botnet as a pay-per-install service that gave customers access to the victims’ machines.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 09 Apr 2025 13:35:14 +0000