1. Forum
  2. FidoNet
  3. CONSPRCY

  • Top infostealer disrupted

    From Mike Powell@1:2320/105 to All on Thursday, November 13, 2025 08:54:45
    Top infostealer disrupted after criminals lose server access

    Date:
    Wed, 12 Nov 2025 14:54:03 +0000

    Description:
    The Rhadamanthys infostealer has been disrupted, possibly by German law enforcement.

    FULL STORY

    The Rhadamanthys infostealer, one of the most popular malware-as-a-service (MaaS) offerings on the dark web, has apparently been disrupted, with many of its customers locked out.

    Researchers known as g0njxa and Gi7w0rm saw multiple cybercriminals reporting troubles using the tool, since the police obtained access to their web
    panels.

    The MaaS developer blamed the German police for the disruption, saying
    entities with German IP addresses were logging into the web panels hosted in
    EU data centers right before access was revoked.

    German police blamed

    German police are yet to confirm or deny these claims, though. Speaking to BleepingComputer , G0njxa said Rhadamanthys Tor site is also offline, but it currently doesnt have the usual police seizure banner, so there is still a chance that this is the work of a different actor.

    For one user, SSH access now requires a certificate instead of root password, preventing entry: "If your password cannot log in. The server login method
    has also been changed to certificate login mode, please check and confirm, if so, immediately reinstall your server, erase traces, the German police are acting," that person allegedly wrote.

    "I confirm that guests have visited my server and the password has been deleted.rootServer login became strictly certificate-based, so I had to immediately delete everything and power down the server, another one wrote. Those who installed it manually were probably unscathed, but those who installed it through the "smart panel" were hit hard.

    At the same time, BleepingComputer uncovered the website for Operation
    Endgame, an ongoing police action targeting different MaaS operations, currently has a countdown timer, set to expire in approximately 21 hours.

    Operation Endgames last activity was in May 2025, when Europol and Eurojust dismantled a ransomware kill chain. In that operation, the police seized roughly 300 servers, took down 650 domains, and issued international arrest warrants against 20 individuals. The police also seized 3.5 million in
    various cryptocurrencies.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/top-infostealer-disrupted-after-crimina ls-lose-server-access

    $$
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)