Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust.
The activity, which is taking place between November 10 and 13, 2025, marks the latest phase of Operation Endgame, an ongoing operation designed to take down criminal infrastructures and combat ransomware enablers worldwide.
Besides dismantling the “three large cybercrime enablers,” authorities have also arrested the main suspect behind Venom RAT in Greece on November 3, more than 1,025 servers have been taken down, and 20 domains have been seized.
“The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials,” Europol said in a statement. “Many of the victims were not aware of the infection of their systems.”
It’s currently not clear if the Elysium botnet Europol refers to is the same proxy botnet service RHAD security (aka Mythical Origin Labs), the threat actor associated with Rhadamanthys, was observed advertising as recently as last month.
Europol also noted that the main suspect behind the infostealer had access to no less than 100,000 cryptocurrency wallets belonging to victims, potentially amounting to millions of euros.
A recent analysis published by Check Point revealed that the latest version of Rhadamanthys added support for collecting device and web browser fingerprints, along with incorporating several mechanisms to fly under the radar.
Authorities that participated in the effort included law enforcement agencies from Australia, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, and the U.S.
(This is a developing story. Please check back for more updates.)
