Malware droppers enable cybercriminals to circumvent security measures and install malicious payloads on targeted systems.
In a coordinated effort spanning multiple countries, Europol has executed Operation Endgame, a major crackdown on the malware dropper ecosystem. Led by France, Germany, and the Netherlands, the operation took place between May 27 and 29, 2024, and targeted various malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot.
Investigations revealed that one of the main suspects had earned at least €69 million ($75 million) in cryptocurrency by renting out criminal infrastructure sites for deploying ransomware. Law enforcement agencies are closely monitoring the suspect’s transactions and have obtained legal permission to seize these assets in future actions. The Europol press release did not specify any particular cryptocurrency or platform used in the transactions.
Malware droppers play a crucial role in deploying harmful software, such as viruses, ransomware, and spyware. These droppers allow cybercriminals to bypass security measures and install malicious payloads on targeted systems. While droppers themselves may not cause direct damage, they facilitate the infiltration and execution of other malware.
During the operation, law enforcement agencies made significant progress in disrupting the malware ecosystem. Four individuals were arrested, with one suspect in Armenia and three in Ukraine. Additionally, 16 location searches were conducted across Armenia, the Netherlands, Portugal, and Ukraine. Over 100 servers were taken down or disrupted in several countries, including Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the United Kingdom, the United States, and Ukraine. Authorities also seized control of over 2,000 domains.
Europol played a vital role in facilitating the operation by providing analytical support, on-chain tracing of crypto transactions, and forensic support to the investigation. The agency organized numerous coordination calls and hosted an operational sprint at its headquarters, involving law enforcement officers from various countries.