An international coalition of law enforcement agencies coordinated by Europol has targeted and crushed three cybercrime operations in the latest round, which authorities are calling “Operation Endgame.”
Europol said in a press release that the police operation targeted the information-stealing malware Rhadamanthys, the Elysium botnet and the VenomRAT remote access Trojan. Authorities say all three “played significant roles in international cybercrime.” Police seized more than 1,000 servers as part of the operation.
Europol announced that police arrested the unnamed “key suspect” behind VenomRAT in Greece on November 3.
“The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing millions of stolen credentials,” the press release states. “Many victims were unaware that their systems were infected.”
According to Europol, Rhadamanthys' main suspect had access to more than 100,000 cryptocurrency wallets “worth millions of euros.”
As an information thief, Rhadamantys is designed to steal various types of information from infected devices, such as passwords and cryptocurrency wallet keys. Rhadamantys surged in popularity in October after authorities removed popular information thief Lumma earlier this year. This shows that after being removed, the criminals adapted using various hacking tools that were little known at the time.
When Rhadamantys launched in 2022, it initially relied on spreading through malicious Google ads, but has since grown thanks to word of mouth on underground forums, according to Lumen's Black Lotus Labs, one of Operation Endgame's cybersecurity industry partners.
tech crunch event
San Francisco | October 13-15, 2026
The company wrote in a blog post that since Lumma's shutdown, Rhadamantys has experienced “dramatic growth” and “consistent increases in the number of victims,” making it the “largest information-stealing malware by volume.” According to the company, more than 12,000 victims were affected by information thieves in October.
Ryan English, a researcher at Black Lotus Labs, told TechCrunch that after Lumma's downfall, Rhadamantys “has emerged as the 'next' go-to information stealer.”
“We just keep tracking who gets out of there because we know other companies are going to replace them,” English said, adding that law enforcement and the broader industry “can only do so much at any given time.”
“So, in a real sense, it's an eternal game of whack-a-mole,” English said.