An international coalition of law enforcement agencies coordinated by Europol targeted and destroyed three cybercrime operations in the latest round of what authorities are calling “Operation Endgame.”
In a press releaseEuropol said the police operation targeted the Rhadamanthys information-stealing malware, a botnet called Elysium and the VenomRAT remote access trojan. Authorities say all three “played a key role in international cybercrime.” Police seized more than 1,000 servers as part of the operation.
Europol said police arrested the unnamed “prime suspect” behind VenomRAT in Greece on November 3.
“The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials,” the press release said. “Many of the victims were unaware their systems were infected.”
According to Europol, the main suspect behind Rhadamantys had access to more than 100,000 crypto wallets, “potentially worth millions of euros”.
As a hijacker, Rhadamantys is designed to steal various kinds of information from infected devices, including passwords and cryptocurrency wallet keys. Rhadamantys rose in popularity in October after the beginnings download the popular Lumma thief earlier in the year, showing that after disasters, criminals are adapting by using different hacking tools that may have been less well known at the time.
When Rhadamantys was released in 2022, it initially relied on spreading through Google’s malicious ads and later grew through word of mouth on underground forums, according to Lumen’s Black Lotus Labs, one of the cybersecurity industry partners in Operation Endgame.
Techcrunch event
San Francisco
|
13-15 October 2026
The company he wrote in a blog post that Rhadamantys had a “dramatic rise” and a “consistent increase in the number of victims” after Lumma was taken down, making it “the largest data-stealing malware by volume.” By October, the information thief had compromised more than 12,000 victims, according to the company.
Ryan English, a researcher at Black Lotus Labs, told TechCrunch that Rhadamantys “emerged as the ‘next’ information thief” after Lumma’s fall.
“We know others will take their place, so we’re continuing to watch to see who comes out of this,” English said, adding that law enforcement and the wider industry “can only do so much at any given time.”
“So, in a very real sense, it’s a hit forever,” English said.
