News
Greece Arrests Key Suspect in Europol’s Global ‘Operation Endgame’ Targeting Massive Malware Networks
Greece has arrested a key suspect linked to Europol’s global Operation Endgame, which dismantled malware networks infecting millions of computers worldwide. Authorities seized servers, domains, stolen data, and crypto assets as part of the multinational cybercrime crackdown.
Greek authorities have arrested a 38-year-old man as part of Europol’s global crackdown on cybercrime, a sweeping operation that dismantled malware infrastructures responsible for infecting millions of computers worldwide.
Europol, the EU’s cross-border law enforcement agency, said on Thursday that the latest phase of Operation Endgame—conducted across 10 countries including the United States—targeted the information-stealing malware Radamanthys, the VenomRAT remote-access Trojan, and the Elysium botnet.
The agency said the takedown included millions of compromised computers containing vast quantities of stolen credentials. Many victims were unaware their systems had been infected.
In total, 1,025 servers were taken offline or disrupted globally, and 20 domains were seized.
Greek police said the Albanian national, arrested in Athens on November 3, is believed to have created and sold VenomRAT since 2020. He was taken into custody under a European arrest warrant issued by France.
According to Europol, “the main suspect behind the information-stealing tools had access to more than 100,000 crypto wallets belonging to victims—potentially worth millions of euros.”
Greek authorities said the malware was designed to steal data through keystroke logging, remote access to webcams, text injection, and cryptocurrency wallet hacking. Access to the malware was sold for €150 a month to €1,550 a year.
A search of the suspect’s residence uncovered multiple versions of the malware’s source code, evidence of the management of a promotional website, suspicious emails, and cryptocurrency accounts.
Police said seven hard drives, three USB sticks, and a digital wallet containing cryptocurrency valued at $140,424 were seized.
A Greek police official added that the malware’s digital infrastructure was hosted on servers belonging to a company based in France, and that both French and U.S. authorities have launched parallel investigations.
