

Identities of Cybercriminals Linked to Malware Loaders Revealed

Law enforcement reveals the identities of eight cybercriminals linked to recently disrupted malware loaders. The post Identities of Cybercriminals Linked to Malware Loaders Revealed appeared first on SecurityWeek.

Authorities in Europe have revealed the identities of eight individuals linked to several malware loader families that were disrupted last week as part of Operation Endgame.

The suspects are wanted for their involvement in the distribution and administration of Bumblebee, IcedID, Pikabot, Smokeloader, SystemBC, and TrickBot, which have been used for years to steal user data, distribute other malware families, and facilitate phishing and other malicious activities.

As part of Operation Endgame, law enforcement agencies in 13 countries, with support from Europol, performed arrests and house searches, and shut down servers and seized domains serving as the infrastructure for the six malware loader families.

Europol also announced that it was monitoring financial accounts linked to eight suspects, including one who earned more than €69 million (roughly $75 million) in proceeds from the illegal activities.

On May 30, Europol added the eight individuals to its Most Wanted list, disclosing their alleged involvement in the operation of the malware loaders.

According to Europol, Airat Rustemovich Gruber, 42, of Russia, has been the administrator of the Smokeloader botnet, which first appeared in 2011, abusing the infected machines for data theft and the installation of other malware for a fee.

Five other Russian nationals, namely Oleg Vyacheslavovich Kucherov, Sergey Valerievich Polyak, Fedor Aleksandrovich Andreev, Georgy Sergeevich Tesman, and Anton Alexandrovich Bragin, are wanted for their ties with the TrickBot cybergang.

They allegedly sought new infection methods, searched for new victims, tested the malware, obfuscated the TrickBot code, and improved the botnet’s admin panel, respectively.

Andrei Andreyevich Cherepanov and Nikolai Nikolaevich Chereshnev, Europol notes, presumably worked as crypters for TrickBot, ensuring that its code is disguised. Chereshnev also maintained the group’s VPN infrastructure.

“According to investigations conducted by the BKA [the German Federal Criminal Police Office], the TrickBot group temporarily consisted of more than 100 members. It works in an organized and hierarchically structured manner and is project and profit oriented. The group is responsible for the infection of several hundred thousand systems in Germany and worldwide,” Europol notes.

In addition to TrickBot, the TrickBot cybergang is also known for using malware families such as Bazarloader, Conti, Diavol, IcedID, Ryuk, and SystemBC.

The eight suspects are also listed on the BKA’s website, along with a brief on Operation Endgame and on the harm malware loaders can cause.
