AVCheck cyber crime service snared in police takedown

An international law enforcement operation has disrupted an online software crypting syndicate which helps cyber criminals protect their malware from detection.
Four domains and their associated server offering counter-antivirus (CAV) tools have been seized by the FBI Houston Field Office, working with law enforcement partners in the Netherlands and Finland and the US Secret Service.
CAV services, used together with crypting services that make malware difficult for antivirus programs to detect, allow criminals to obfuscate their malware so that it goes undetected, enabling unauthorized access to computer systems.
“Cyber criminals don’t just create malware; they perfect it for maximum destruction,” said FBI Houston special agent in charge Douglas Williams.
“By leveraging counter antivirus services, malicious actors refine their weapons against the world’s toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims’ systems.”
The operation targeted AVCheck, one of the largest counter-antivirus (CAV) services used by cybercriminals around the world.
The investigators made undercover purchases from seized websites and analyzed the services, confirming they were designed for cyber crime. They also reviewed linked email addresses and other data connecting the services to known ransomware groups that have targeted victims both in the US and other countries.
Besides taking down AVCheck, the Netherlands’ High Tech Crime Team has made wider interventions, including creating a fake login page to deter users of AVCheck. Authorities said the investigation has also yielded ‘key evidence’ on the administrators and users of AVCheck and its related services Cryptor.biz and Crypt.guru.
“Modern criminal threats require modern law enforcement solutions. As cybercriminals have become more sophisticated in their schemes, they have likewise become more advanced in their efforts to avoid detection,” said US attorney Nicholas J Ganjei.
“As such, our law enforcement efforts must involve striking not just at the individual fraudster or hacker, but the enablers of these cybercriminals as well. This investigation did exactly that. With this syndicate shut down, there is one less provider of malicious tools for cybercriminals out there.”
The seizures were made as part of Operation Endgame, a multinational law enforcement initiative aimed at dismantling cyber criminal services.
This latest effort follows another Operation Endgame action last week, an international operation against ransomware groups in which 300 servers were taken down, 650 domains neutralized, and nearly two dozen international arrest warrants issued.
“Cyber criminals are often hard to track down, so it is important to invest in a broad approach so the authorities can keep a step ahead,” said Matthijs Jaspers, team lead of the Netherlands’ High Tech Crime Team.
“Joint interventions by national, international, and public-private partnerships are becoming increasingly important to prevent victims, stop crimes, and stop online crime in its tracks.”