Police around the world have arrested 32 people as part of a major Interpol-led operation cracking down on infostealer malware.
According to a statement released by Interpol, law enforcement agencies from 26 countries worked to map physical networks and ultimately carry out targeted takedowns.
20,000 malicious IPs and domains taken down in #INTERPOL infostealer crackdown
During Operation Secure, law enforcement from 26 countries worked to arrest 32 suspects linked to illegal cyber activity, locating servers, mapping physical networks and carrying out targeted takedowns.
– Interpol (@interpol_hq) June 11, 2025
Over 20,000 IPs and domains have been taken down as part of the operation, and over 100GB of data has been seized from 41 servers. The takedown reportedly neutralised 79% of the suspicious IP addresses identified by Interpol with support from private sector partners such as Kaspersky, Trend Micro and Group-IB.
In the sweep, 18 suspects were arrested in Vietnam, 12 in Sri Lanka and two more in Nauru. In the Vietnam arrests, the group's leader was found with more than VND 300 million ($11,500) in cash.
In a statement, Neal Jetton, Interpol's director of cybercrime, said the operation showed “the power of intelligence sharing to destroy malicious infrastructure and prevent massive harm to both individuals and businesses.”
What are infostealers?
Infostealer malware is usually used to infiltrate organizational networks to steal browser credentials, cookies, passwords, credit card details, and cryptocurrency wallet data.
Logs harvested by infostealers are increasingly traded on the cybercriminal underground to enable further attacks, including ransomware, data breaches, fraud schemes, and more.
Following Operation Secure, authorities notified more than 216,000 victims and potential victims so they could take immediate action to secure themselves, such as changing passwords, freezing accounts, and removing unauthorized access.
Speaking to Decrypt, Dmytro Yasmanovych, a compliance service lead at blockchain security auditor Hacken, praised the operation, but warned that infostealer networks are “very resilient and will rebuild the infrastructure through bulletproof hosting and high-speed rotating domains.”
Yasmanovych pointed out that compliance alone is not enough for Web3 organizations. “Effective defense requires a fusion of robust endpoint hardening, continuous on-chain and off-chain monitoring, and real-time threat intelligence sharing,” he said. “Only through this multi-layered, aggressive attitude can the industry stay ahead of the rapidly evolving infostealer campaigns targeting crypto wallets and private keys.”
Hacken’s senior blockchain protocol security auditor, Aliashar, added: “To transform this victory into permanent disruption, we need to continue the momentum,” pointing out the importance of timely victim alerts, continued public and private sharing, and follow-up enforcement.