Subj : Top infostealer disrupted
To   : All
From : Mike Powell
Date : Thu Nov 13 2025 08:54 am

Top infostealer disrupted after criminals lose server access

Date:
Wed, 12 Nov 2025 14:54:03 +0000

Description:
The Rhadamanthys infostealer has been disrupted, possibly by German law
enforcement.

FULL STORY

The Rhadamanthys infostealer, one of the most popular malware-as-a-service
(MaaS) offerings on the dark web, has apparently been disrupted, with many of
its customers locked out.

Researchers known as g0njxa and Gi7w0rm saw multiple cybercriminals reporting
troubles using the tool, since the police obtained access to their web
panels.

The MaaS developer blamed the German police for the disruption, saying
entities with German IP addresses were logging into the web panels hosted in
EU data centers right before access was revoked.

German police blamed

German police are yet to confirm or deny these claims, though. Speaking to
BleepingComputer, g0njxa said the Rhadamanthys Tor site is also offline, but
it currently doesn't have the usual police seizure banner, so there is still
a chance that this is the work of a different actor.

For one user, SSH access now requires a certificate instead of a root password,
preventing entry: "If your password cannot log in. The server login method
has also been changed to certificate login mode, please check and confirm, if
so, immediately reinstall your server, erase traces, the German police are
acting," that person allegedly wrote.

"I confirm that guests have visited my server and the password has been
deleted. Root server login became strictly certificate-based, so I had to
immediately delete everything and power down the server," another one wrote.
Those who installed it manually were probably unscathed, but those who
installed it through the "smart panel" were hit hard.

At the same time, BleepingComputer uncovered that the website for Operation
Endgame, an ongoing police action targeting different MaaS operations,
currently has a countdown timer, set to expire in approximately 21 hours.

Operation Endgame's last activity was in May 2025, when Europol and Eurojust
dismantled a ransomware kill chain. In that operation, the police seized
roughly 300 servers, took down 650 domains, and issued international arrest
warrants against 20 individuals. The police also seized 3.5 million in
various cryptocurrencies.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/top-infostealer-disrupted-after-criminals-lose-server-access

--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)