
Global operation takes down 'dangerous' malware network

Dmytro Hubenko with AFP, Reuters
May 23, 2025

In a global anti-malware crackdown, authorities from several countries took down more than 300 servers and issued international arrest warrants for 20 suspects.

Image: The malware alert appears on the screen of a smartphone in Reno, United States, on December 2, 2024.
Caption: Malware allows users to spy on data or encrypt a system in order to demand a ransom. Image credit: Jaque Silva/NurPhoto/IMAGO

Some of the world's "most dangerous malware" was disrupted this week in a coordinated international operation, which led to the issuance of 20 arrest warrants, the EU anti-crime bodies Europol and Eurojust said Friday.

In an operation involving authorities from Canada, Denmark, France, Germany, the Netherlands, Britain, and the United States, more than 300 servers were taken down, 650 domains were neutralized, and €3.5 million (about $3.9 million) in cryptocurrency was seized.

Between Monday and Thursday, the operation enabled the countries involved "to take action against the world's most dangerous malware variants and the perpetrators behind them", said Eurojust, the EU Agency for Criminal Justice Cooperation.

"Thirty-seven suspects were identified and international arrest warrants were obtained against 20 individuals criminally charged," it added.

What malware was targeted?

According to Europol and Eurojust, the software taken down, known as "initial access malware," is used "for initial infection, helping cybercriminals to enter victims' systems unnoticed and load more malware onto their devices, such as ransomware."

Malware such as Bumblebee, Latrodectus, Qakbot, DanaBot, HijackLoader, Trickbot, and WarmCookie were targeted by the measures.

"As these variants are at the beginning of the cyberattack chain, disrupting them damages the entire 'cybercrime as a service' ecosystem," the authorities said.
 

Operation Endgame continues

About 50 of the servers neutralized this week were in Germany, the authorities said. 

"In Germany, investigations focused particularly on suspicions of organised extortion and membership of a foreign criminal organization," according to the federal police and the Frankfurt public prosecutor's office in charge of combatting cybercrime. 

German authorities also obtained international arrest warrants for the 20 people, "most of them Russian nationals", and launched search operations, they added. 

The crackdown is an extension of Operation Endgame, the largest police operation ever conducted against botnets. A total of €21.2 million was seized during the operation, which began in 2024.

Edited by: Saim Dušan Inayatullah

Dmytro Hubenko: Dmytro covers stories in DW's newsroom from around the world with a particular focus on Ukraine.