A global police operation shut down the servers of one of the world’s largest malware platforms that targeted millions of victims, the EU’s judicial arm said on Tuesday.
A year-long investigation culminated in “Operation Magnus” with investigators from six countries including the Netherlands, Australia, Britain and the United States working together to smash the criminal scheme.
“The infostealers taken down … targeted millions of victims worldwide, making it one of the largest malware platforms globally,” Eurojust said in a statement.
“Authorities discovered that over 1,200 servers in dozens of countries were running the malware,” said the agency, which is based in The Hague and coordinated Monday’s operation.
Investigators shut down three servers in the Netherlands, seized two domains, unsealed charges in the United States and took two people into custody in Belgium, Eurojust said.
The criminal platforms, called RedLine and META stole personal data from infected devices including usernames and passwords, as well as automatically saved data like addresses, email addresses and crypto-currency wallets.
The victims’ devices became infected when downloading software from unreliable sources.
The investigation was triggered when victims came forward and a security company notified authorities about possible servers in the Netherlands linked to the malware.
“After retrieving the personal data, the infostealers sold the information to other criminals through criminal market places,” Eurojust said.
“The criminals who purchased the personal data used it to steal money, crypto-currency and to carry out follow-on hacking activities,” the agency said.
Authorities have also taken down several Telegram messaging accounts which were used to advertise RedLine and META’s services, Dutch police said.
“Until recently, Telegram was a service where criminals felt untouchable and anonymous,” they said in a statement.
“This action has shown that this is no longer the case,” police added.
In the United States, law officials have slapped fraud and money laundering charges on a suspected RedLine developer and administrator.
If convicted the suspect “faces a maximum penalty of 10 years in prison for access device fraud, five years in prison for conspiracy to commit computer intrusion, and 20 years in prison for money laundering,” the US Attorney’s Office said in a statement.
Eurojust and Dutch police confirmed that the META name used by the malware platform had no link with Meta, the California-based company that owns Facebook, Instagram and WhatsApp.
Investigations continued and Eurojust said a private security company has set up an online tool for potential victims to check if their data was stolen.
US law authorities added it “did not believe it is in possession of all the stolen data and continues to investigate.”
jhe/tw