Greek authorities have arrested a 38-year-old Albanian national in Athens as part of Europol’s global “Operation Endgame,” which dismantled a massive network of malware systems infecting hundreds of thousands of computers worldwide. The coordinated crackdown, conducted across ten countries including the United States, targeted notorious cybercrime tools such as Rhadamanthys, VenomRAT, and the Elysium botnet.
Europol said the takedown disrupted more than 1,000 servers and seized 20 domains linked to stolen data and financial theft operations. The arrested suspect, alleged to be the creator and distributor of VenomRAT since 2020, is accused of controlling access to over 100,000 cryptocurrency wallets belonging to victims, potentially worth millions of euros.
VenomRAT: A Sophisticated Tool for Digital Theft and Surveillance
According to Greek police, VenomRAT was designed to record keystrokes, access webcams remotely, and infiltrate text data, enabling attackers to steal credentials and cryptocurrency assets. The malware was sold on underground forums for €150 per month to €1,550 annually, depending on the features purchased.
A search of the suspect’s residence uncovered seven hard drives, three USB devices, and a crypto wallet valued at $140,000, along with evidence linking him to a website that promoted the malware. Investigators said the infrastructure supporting the operation was hosted on a French-based server, and authorities in both France and the U.S. are conducting parallel probes into the wider network.
Operation Endgame Expands Global Collaboration Against Cybercrime
“Operation Endgame” represents one of the largest coordinated actions against cybercrime infrastructure in Europe, with agencies pooling forensic, legal, and intelligence capabilities across borders. Europol emphasized that the infected devices had been quietly harvesting credentials and financial data for years without the victims’ knowledge.
Officials say the operation has exposed how professionalized the cybercrime ecosystem has become — with developers selling malware as subscription-based services and reinvesting profits into more sophisticated exploits. The arrest in Greece is expected to lead to further charges as European investigators continue tracking financial flows and dark web connections tied to the operation.
A Growing Call for Transnational Cybercrime Enforcement
Experts say “Endgame” underscores the growing need for international coordination to combat cybercrime networks operating beyond national borders. With malware markets now mimicking legitimate software ecosystems, law enforcement agencies are focusing on both developers and distributors to disrupt the business model behind global cyberattacks.
Europol said it plans to expand partnerships with private cybersecurity firms to monitor botnet activity and improve intelligence sharing between nations. The agency called the takedown “a major step toward reducing the global malware threat landscape,” but acknowledged that new variants continue to emerge daily.
