Europol shuts down malware dropper ring linked to at least $75M in stolen crypto
Malware droppers allow cybercriminals to bypass security measures and install malicious payloads on targeted systems.
In a coordinated effort spanning multiple countries, Europol has carried out Operation Endgame, a large-scale crackdown on the malware dropper ecosystem. The operation, led by France, Germany, and the Netherlands, was conducted between May 27 and 29, 2024, and targeted various malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot.
Investigations revealed that one of the main suspects had earned at least €69 million ($75 million) in crypto by renting out criminal infrastructure sites used to deploy ransomware. Law enforcement agencies are closely monitoring the suspect’s transactions and have obtained legal permission to seize these assets in future actions. The press release from Europol did not mention any specific cryptocurrency or platform used in the transactions.
Malware droppers play a critical role in the deployment of harmful software, such as viruses, ransomware, and spyware. These droppers allow cybercriminals to bypass security measures and install malicious payloads on targeted systems. Although droppers themselves may not cause direct damage, they facilitate the infiltration and execution of other malware.
During the operation, law enforcement agencies made progress in disrupting the malware ecosystem. Four individuals were arrested: one suspect in Armenia and three in Ukraine. Additionally, 16 location searches were conducted across Armenia, the Netherlands, Portugal, and Ukraine. Over 100 servers were taken down or disrupted in several countries, including Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the United Kingdom, the United States, and Ukraine. Authorities also seized control of over 2,000 domains.
Europol played a vital role in facilitating the operation by providing analytical and forensic support to the investigation, along with on-chain tracing of crypto transactions. The agency organized numerous coordination calls and hosted an operational sprint at its headquarters, involving law enforcement officers from various countries.