Over 32 arrests, 20,000 malicious domains taken down, hundreds of thousands of victims warned: these are the results of Interpol's global special operation against the data-stealing malware known as infostealers.

From January to April 2025, law enforcement officers from 26 countries, mostly in Asia, conducted a large-scale analytical and technical operation with the support of private cybersecurity companies. As a result, more than 100 GB of stolen data was seized, 41 servers were confiscated, and 216,000 people were notified of a potential data leak. In Vietnam, 18 people were arrested for creating business accounts for cybercriminals. Investigators also discovered 117 C2 servers that coordinated phishing and fraud through social networks.

An infostealer is a type of malware that specializes in stealing passwords, card data, and crypto wallets. The stolen information is sold on darknet forums or used for ransomware-type attacks. The operation focused on the Lumma, RisePro, and Meta variants. In May 2025, the Lumma infrastructure (2,300 domains) was dismantled, but some servers in the Russian Federation remained active.

Although this operation dealt a significant blow to key infostealer infrastructure, experts admit that the fight is far from over. New forms of malware adapt quickly, so international cooperation remains critically important.