- Rhadamanthys’s information thief interrupted; Cybercriminals are excluded from web panels.
- The promoter blames the German police; Tor site offline without seizure banner
- Operation Endgame countdown suggests broader police action against MaaS
Information stealer Rhadamanthys, one of the most popular malware-as-a-service (MaaS) offerings on the dark web, has apparently been discontinued and many of its clients are blocked.
Researchers known as g0njxa and Gi7w0rm noted that several cybercriminals reported problems using the tool, as police gained access to their web panels.
The MaaS developer blamed German police for the outage, saying entities with German IP addresses were logging into web panels hosted in EU data centers just before access was revoked.
German police blamed
However, German police have yet to confirm or deny these claims. talking to beepcomputerG0njxa said Rhadamanthys’ Tor site is also offline, but it currently doesn’t have the usual police seizure banner, so there’s still a chance this is the work of a different actor.
For one user, SSH access now requires a certificate instead of a root password, preventing entry: “If your password cannot log in. The server login method has also been changed to certificate login mode, please check and confirm, if so, immediately reinstall your server, delete traces, the German police are acting,” that person allegedly wrote.
“I confirm that guests visited my server and the password was removed. Login to rootServer became strictly certificate-based, so I had to immediately remove everything and shut down the server,” wrote another. “Those who installed it manually probably came out unscathed, but those who installed it via the ‘smart panel’ were hit hard.”
At the same time, beepcomputer discovered the website for Operation Endgame, an ongoing police action targeting different MaaS operations, which currently has a countdown timer, which will expire in approximately 21 hours.
The last Operation Endgame activity was in May 2025, when Europol and Eurojust dismantled a ransomware takedown chain. In that operation, police seized approximately 300 servers, took down 650 domains, and issued international arrest warrants for 20 people. The police also seized 3.5 million euros in various cryptocurrencies.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
