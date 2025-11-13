Three malware strains popular with cybercriminals have been taken down in a large-scale law enforcement operation that spanned 11 countries.

The dismantling of the malware networks is part of an ongoing effort, dubbed Operation Endgame. The latest activity, Operation Endgame 3.0, occurred between November 10 and 13.

Infrastructure linked to Rhadamanthys, a notorious information stealer (infostealer), a remote access trojan called VenomRAT and the Elysium botnet have all been impacted.

The raids also resulted in:

Over 1025 servers taken down or disrupted worldwide

20 domains seized

11 locations searched (one in Germany, one in Greece, and 9 in the Netherlands)

The arrest of the suspected main operator of VenomRAT in Greece

“The infrastructure dismantled during the action days was responsible for infecting hundreds of thousands of victims worldwide with malware,” said Europol in a public statement published on November 13.

The operation involved law enforcement agencies from six EU countries, Australia, Canada, the UK and the US, with the collaboration of Europol, Eurojust and over 30 private partners from the cybersecurity industry. The initiative was coordinated from Europol’s headquarters in The Hague, Netherlands.

Takedown of Rhadamanthys, VenomRAT and Elysium

Rhadamanthys infostealer “had grown to become one of the leading infostealers since Operation Endgame ‘Season 2’ disrupted the infostealer landscape,” according to a Shadowserver Foundation statement published on November 13.

In this statement, the UK government-funded non-profit announced that it had sent notifications about devices infected with the Rhadamanthys infostealer malware between March and November 2025 to 201 national computer security incident response teams (CSIRTs) in 175 countries and over 10,000 network owners globally.