A large-scale international law enforcement effort orchestrated by Interpol has marked one of the most significant takedowns of a malware network to date.
The coordinated operation spanning 26 countries resulted in the shutdown of over 20,000 domains and the arrest of 32 individuals.
Bleeping Computer reports that the operation was spearheaded by Interpol.
Conducted from January to April 2025, the initiative concentrated on disrupting infostealer malware groups responsible for stealing financial and personal information through widespread infections. The outcomes of Operation Secure are noteworthy:
- More than 20,000 malicious IPs/domains associated with infostealers dismantled
- 41 servers aiding infostealer operations confiscated
- 32 individuals apprehended
- 100 GB of data seized
- 216,000 victims informed
Infostealers are malware designed to extract personal data from devices, including login information, financial details, and crypto wallet credentials. This data is then sold on the dark web, facilitating identity theft and various fraudulent activities.
Historically, Macs weren’t a primary target for malware due to lower device penetration and built-in security features. However, this trend has shifted significantly in recent years as Mac users have become viewed as valuable targets. Even Apple’s Craig Federighi has labeled the current state of Mac malware as “unacceptable.”
Malware has also been discovered in iPhone applications, despite Apple’s assertions regarding the safety of its app ecosystem.
The participating nations included Brunei, Cambodia, Fiji, Hong Kong, India, Indonesia, Japan, Kazakhstan, Kiribati, Korea, Laos, Macau, Malaysia, Maldives, Nauru, Nepal, Papua New Guinea, Philippines, Samoa, Singapore, Solomon Islands, Sri Lanka, Thailand, Timor-Leste, Tonga, Vanuatu, and Vietnam.
Interpol referenced the findings from Hong Kong as a prime example.
The Hong Kong Police analyzed over 1,700 intelligence reports provided by INTERPOL, identifying 117 command-and-control servers hosted across 89 internet service providers. These servers served as central hubs for cybercriminals to instigate and manage malicious campaigns, including phishing, online fraud, and social media scams.