Law enforcement agencies in the US and six other countries have been cracking down on customers of the Smokeloader pay-per-install botnet, resulting in five arrests, as announced by Europol. The Smokeloader botnet was taken down in May 2024 as part of Operation Endgame, leading to the dismantling of the infrastructure of several malware droppers, including Bumblebee, IcedID, Pikabot, SystemBC, and Trickbot.
According to Europol, the botnet’s customers were identified through a database seized by law enforcement in May of the previous year. This database allowed authorities to connect online personas with real-life individuals, enabling them to take action against the botnet’s users. Some suspects who were questioned during the investigation cooperated with authorities and consented to having their personal devices examined. It was revealed that some of these suspects had been reselling services purchased from Smokeloader at a higher price.
The European agency issued a warning stating that some suspects believed they were no longer under law enforcement scrutiny, only to realize that they were still being targeted. Europol emphasized that Operation Endgame was an ongoing effort and would continue to pursue individuals involved in illegal activities.
Law enforcement agencies from Canada, the Czech Republic, Denmark, France, Germany, the Netherlands, and the US collaborated in this operation and expressed their commitment to tracking down suspected users of not only the Smokeloader botnet but also other botnets. They also announced that new actions related to Operation Endgame would be revealed on the dedicated website.
In September 2024, the US Treasury, in partnership with Operation Endgame, imposed sanctions on PM2BTC, UAPS, and Cryptex, three cryptocurrency exchanges linked to malicious activities. Additionally, Dutch authorities seized web domains and infrastructure associated with these exchanges. Two Russian nationals, Sergey Sergeevich Ivanov and Timur Shakhmametov, who were operating these exchanges, were indicted in the US. Subsequently, Russian authorities arrested 96 individuals allegedly connected to the exchanges.
The collaborative efforts of law enforcement agencies across multiple countries demonstrate a unified front against cybercrime and illicit online activities. By targeting not only the operators of malicious botnets but also their customers, authorities aim to disrupt the entire ecosystem of cybercriminal operations. The actions taken against the Smokeloader botnet and associated cryptocurrency exchanges send a clear message that illegal online activities will not go unpunished.
As the investigation continues and new developments unfold, it is evident that Operation Endgame remains active and vigilant in its pursuit of those involved in cybercrime. The relentless efforts of law enforcement agencies underscore the importance of international cooperation in combating cyber threats and ensuring the safety and security of online spaces.