Operation Endgame: Greek Police Arrest Alleged VenomRAT Developer

Albanian National Held in Athens

Greek police have arrested a 38-year-old Albanian man in Athens accused of creating and distributing the VenomRAT malware, following a coordinated Europol operation targeting international cybercrime networks. The suspect was detained on November 3 under a European arrest warrant issued by France.

Authorities said the man has been linked to VenomRAT, a remote access Trojan active since 2020 that enabled hackers to infiltrate systems, steal credentials, and access cryptocurrency wallets. Greek police said the malware was marketed online for between €150 a month and €1,550 a year and was designed to record keystrokes, control web cameras and harvest data, including from digital wallets.

Officers searching the suspect’s home seized seven hard drives, three USB sticks and a digital wallet containing about $140,000 in cryptocurrencies. Investigators also recovered malware source code, evidence of a website promoting the software, and access to email and crypto accounts. Greek officials said part of the digital infrastructure was hosted by a company in France, which is conducting its own inquiry alongside U.S. authorities.

Investor Takeaway

Europol’s Operation Endgame

The arrest forms part of Operation Endgame, a Europol-led investigation across ten countries including the United States, focused on dismantling large-scale malware infrastructure. Europol said the latest phase of the operation targeted infostealers such as Rhadamanthys, VenomRAT and the Elysium botnet, which together infected hundreds of thousands of computers worldwide.

Authorities said they took down or disrupted 1,025 servers and seized 20 domains used to control the malware. The dismantled infrastructure contained several million stolen credentials from infected computers, many of whose owners were unaware of the breach.

“The main suspect behind the infostealer had access to over 100,000 crypto wallets belonging to victims, potentially worth millions of euros,” Europol said in a statement. The agency added that the operation was part of a broader effort to disrupt organized cybercrime networks that monetize stolen data and cryptocurrency assets.

Expanding Cybercrime Crackdowns in Europe

Europol’s investigation follows a series of multinational efforts to dismantle malware networks responsible for large-scale data theft. In recent years, coordinated operations have targeted groups running Emotet, Qakbot and LockBit ransomware. Authorities have increasingly focused on tracing crypto transactions linked to illicit gains, as transfers remain a key channel for laundering proceeds.

Cybersecurity analysts said Operation Endgame shows that European and U.S. agencies are improving intelligence sharing, with law enforcement in several jurisdictions executing simultaneous arrests and seizures. The takedown of VenomRAT, in particular, removes a tool that had been used widely across underground forums to compromise businesses and individual investors.

Investor Takeaway

Next Steps for the Investigation

The detained suspect remains in Greek custody pending extradition proceedings to France. Both French and U.S. authorities are pursuing linked investigations into the malware’s operations and distribution network. Europol said the inquiry will continue as it tracks down other affiliates believed to have managed infrastructure or channels.

For law enforcement, Operation Endgame represents a rare instance of multiple agencies simultaneously dismantling overlapping malware ecosystems, marking one of the largest coordinated cybersecurity efforts in Europe this year.