Using Evidence From Seized Databases, Europol Arrests Five SmokeLoader Clients.

Law Enforcement Officials Have Said That They Have Located And Arrested At Least Five SmokeLoader Malware Members.

"In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as 'Superstar,' faced consequences such as arrests, house searches, arrest warrants or knock and talks," Europol said in a statement. According to the allegations, Superstar operated a pay-per-install service that allowed its clients to access victim computers without authorization and use the loader as a means of distributing their preferred next-stage payloads.

The European law enforcement agency claims that the botnet's access was used for a number of purposes, including Bitcoin mining, ransomware deployment, keylogging, and webcam access. The most recent action is a component of Operation Endgame, a concerted exercise that has been continuing since last year and resulted in the removal of internet infrastructure linked to several malware loader operations, including IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot.

The follow-up project, which aims to concentrate on the "demand side" of the cybercrime ecosystem, involved participation from the United States, Canada, the Czech Republic, Denmark, France, Germany, and the Netherlands. According to Europol, authorities located the clients listed in a previously obtained database, connected their online identities to actual people, and contacted them for interrogation.

In order to gather digital evidence, an unknown number of suspects are thought to have chosen to cooperate and have their personal devices inspected. "Several suspects resold the services purchased from SmokeLoader at a markup, thus adding an additional layer of interest to the investigation," Europol stated. "Some of the suspects had assumed they were no longer on law enforcement's radar, only to come to the harsh realisation that they were still being targeted."