Interpol has revealed that it has conducted a major operation against several malware programs specializing in data theft. The offensive spanned several months, from January to April 2025, and required the support of law enforcement agencies from 26 countries. The operation, dubbed "Operation Secure," was also made possible by the expertise of several cybersecurity giants, namely Kaspersky, Group-IB, and Trend Micro.
At the end of the operation, authorities had arrested 32 suspects, seized 41 servers, confiscated 100 GB of data, and blocked more than 20,000 malicious IP addresses. In the process, investigators notified 216,000 victims that their personal data had been compromised. Interpol states that numerous seizures, searches, and arrests took place in Asian countries, such as Vietnam and Sri Lanka. The leader of the criminal group was arrested on Vietnamese soil.
Thanks to information provided by Interpol, the Hong Kong police were able to analyze more than 1,700 data points and identify 117 servers used by hackers to conduct their attacks. These servers, which were spread across 89 different hosting providers, were used to launch online scams, phishing campaigns, and social media scams.
A new blow for Lumma Stealer
Among the malware families disrupted by Interpol are MetaStealer, which has been targeting Windows and macOS since 2022; RisePro, a prolific data stealer since last year; and the infamous Lumma Stealer. This is already the second police operation against the data-stealing malware this year. At the end of May, a major joint operation led by the US justice system, Europol, and Microsoft dealt a severe blow to Lumma Stealer by cutting off access to more than 300,000 infected computers. The malware managed to survive, but its reputation was considerably tarnished. Interpol's offensive doesn't help matters.
The malware targeted by "Operation Secure" is known for stealing account login information, browser cookies, and crypto wallet private keys. Very often, the information is resold on criminal markets, where it can fuel scams such as phishing. This data then leads to intrusions or further thefts of even more sensitive data, such as banking details. As Group-IB points out in its press release, the stolen data is often used as a "starting point for financial fraud or ransomware attacks".
Data-stealing malware programs are called infostealers. Increasingly dangerous and widespread, they have been the cause of a large number of security incidents in recent years, including the major cyberattack against hundreds of Snowflake customers last year. In one year, nearly ten million devices worldwide are infected by infostealers, according to Kaspersky estimates.
Source: Interpol
