Last week the U.S. Department of Justice (DoJ) announced a major international operation against cybercrime. More than 700 websites selling hacking tools were seized during the operation. The collaborative effort brought together over 50 participating countries, including France, Germany, Denmark, Portugal, and Ukraine, united in purpose and message in combatting cybercriminal activity.
This operation explicitly targeted AvCheck, which Dutch officials described as one of the largest counter-antivirus (CAV) services, a crypting provider used by cybercriminals worldwide. The action against AvCheck is the fourth large-scale enforcement initiative in recent months, a cadence that shows unprecedented resolve by the U.S. and its partners to disrupt the cybercrime ecosystem. We took down Lumma Stealer and DanaBot. We took control of hundreds of domains and servers associated with different malware families that drop ransomware.
The DoJ’s announcement did a good job of unpacking how crypting works: software is used to transform malware so that antivirus programs have difficulty detecting it.
“Crypting is the process of using software to make malware difficult for antivirus programs to detect,” – U.S. Department of Justice
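To make the DoJ’s definition concrete from a defender’s point of view, the following Python snippet is an added illustration, not code from the article, the DoJ or any vendor named here. It uses a constructed text payload and a toy XOR transformation (real crypters layer far more than this) to show why a plain byte-signature match stops firing once the payload is wrapped, and why scanners fall back on heuristics such as Shannon entropy to flag packed or encrypted content. The signature, payload, key and the 7.0-bit threshold are all assumptions chosen for the demonstration.

```python
import math
import random
from collections import Counter

# Constructed sample: a harmless stand-in "payload" and a toy byte signature.
PAYLOAD = b"This is a stand-in payload string used only to illustrate detection." * 16
SIGNATURE = b"stand-in payload"   # the byte pattern a signature-based scanner looks for
ENTROPY_THRESHOLD = 7.0           # assumed heuristic cut-off, in bits per byte


def signature_match(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Simplest form of signature detection: does the known byte pattern occur?"""
    return signature in data


def xor_wrap(data: bytes, key: bytes) -> bytes:
    """Toy stand-in for a crypter's transformation (repeating-key XOR)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; values near 8 suggest packed/encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def demo() -> dict:
    """Compare signature and entropy detection on the plain and wrapped payload."""
    rng = random.Random(1)  # fixed seed so the run is reproducible
    key = bytes(rng.getrandbits(8) for _ in range(len(PAYLOAD)))
    wrapped = xor_wrap(PAYLOAD, key)
    plain_entropy = shannon_entropy(PAYLOAD)
    wrapped_entropy = shannon_entropy(wrapped)
    return {
        "plain_signature_hit": signature_match(PAYLOAD),     # True
        "wrapped_signature_hit": signature_match(wrapped),   # False: pattern is gone
        "plain_entropy": plain_entropy,                      # roughly 4 bits (text)
        "wrapped_entropy": wrapped_entropy,                  # close to 8 bits
        "wrapped_flagged_by_entropy": wrapped_entropy > ENTROPY_THRESHOLD,
        # Once the loader unwraps the payload in memory the signature is visible
        # again, which is why in-memory scanning complements static checks.
        "unwrapped_signature_hit": signature_match(xor_wrap(wrapped, key)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The takeaway for defenders is that the same bytes a static scanner cannot match on disk must be unwrapped before they can run, so entropy and packer heuristics at rest, combined with scanning of the decoded payload in memory, cover the gap that crypting services are sold to exploit.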
In addition, the Canadian cybersecurity company lifted the hood on what is possible with PureCrypter, a malware-as-a-service (MaaS) offering. PureCrypter has been associated with the distribution of information stealers such as Lumma and Rhadamanthys. It uses an extensive set of evasion techniques, including AMSI bypass, DLL unhooking and anti-debugging measures, and most recently added the ability to get around Windows 11 24H2 security protections by patching the NtManageHotPatch API.
“The malware employs multiple evasion techniques including AMSI bypass, DLL unhooking, anti-VM detection, anti-debugging measures, and recently added capabilities to bypass Windows 11 24H2 security features through NtManageHotPatch API patching,” – Canadian cybersecurity company
In recent testimony, FBI officials have emphasized the impact of these operations. Douglas Williams, Special Agent in Charge of the FBI Houston division, spoke to the advanced nature of today’s malware development.
“Cybercriminals don’t just create malware; they perfect it for maximum destruction,” – Douglas Williams
He went into detail about the tactics used by these bad actors.
“By leveraging counter-antivirus services, malicious actors refine their weapons against the world’s toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims’ systems,” – Douglas Williams
This level of international collaboration reflects a growing recognition that a unified front is needed in the battle against cyber threats. Law enforcement authorities are working vigorously to dismantle these underground networks, with the aim of protecting people and businesses from increasingly sophisticated cybercrime.