Police Arrest Smokeloader Clients After Operation Endgame

Law enforcement agencies have identified and arrested at least five clients of the Smokeloader botnet, according to recent reports. These arrests come as a result of Operation Endgame, a major international effort conducted last year with the participation of police from Germany, the United States, the United Kingdom, France, Denmark, and the Netherlands.

In addition to law enforcement, experts from companies such as Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus, and DIVD provided authorities with valuable intelligence about botnet infrastructure and the inner workings of various malware strains.

During the operation, authorities seized more than 100 servers used by major malware loaders, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. Loaders of this kind are typically used to gain initial access to victims’ devices and then fetch and execute additional malicious payloads on behalf of whoever is paying for the access.

Ongoing Investigation and New Arrests

According to a new press release from Europol this week, the operation is still ongoing. Law enforcement is currently analyzing data from the confiscated servers and tracking down clients of the mentioned malware services.

Investigators report that Smokeloader was operated by an individual known as “Superstar,” who offered the botnet to other cybercriminals as a pay-per-install service, granting them access to victims’ computers.

“As a result of a series of coordinated actions, clients of the Smokeloader botnet, managed by the criminal known as Superstar, have faced consequences such as arrests, home searches, arrest warrants, and preventive interviews,” Europol stated.

Smokeloader’s Role in Cybercrime

Smokeloader was used for a wide range of cybercrimes, from deploying ransomware and launching cryptominers to accessing webcams and intercepting keystrokes on victims’ machines.

Customer records found in the Smokeloader database seized during Operation Endgame allowed police to identify suspects by linking their online nicknames to real-world identities. Some suspects agreed to cooperate with law enforcement and allowed investigators to examine digital evidence on their personal devices. Several of them had been reselling Smokeloader services to other criminals at a markup.

Europol’s Continued Efforts

As the operation continues, Europol has launched a dedicated website to publish the latest news related to the case. Europol has also released a series of animated videos on the site, showcasing law enforcement activities and how they are tracking down Smokeloader clients and partners.