A global crimeware network known as “Avalanche” was dismantled by United States and European authorities following a four-year investigation.
The U.S. Department of Justice and FBI released a joint statement regarding the takedown network which infected hundreds of thousands of computers worldwide.
“November 30 began the start of a multi-national operation to dismantle a complex, criminal network of worldwide computer servers known as Avalanche. This network hosted more than two dozen of the world’s most pernicious types of malware and several money laundering campaigns,” the statement said. “The operation involves arrests and searches in five countries. More than 50 Avalanche servers worldwide were taken offline.”
Authorities from 30 countries including Interpol and Europol participated in the operation to block and sinkhole more than 800,000 malicious Avalanche domains responsible for significant monetary losses.
“The Avalanche network, which has been operating since at least 2010, is estimated to involve hundreds of thousands of infected computers worldwide,” the FBI said. “The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network.”
Avalanche acted as a criminal company that sold and rented criminals cloud-hosted software which allowed them to take over systems, infect networks, launch ransomware or create enormous robot networks to send spam, according to USA Today.
“They would do whatever you wanted. You just had to call them, say ‘I need command and control service,’ or ‘I need to infect this type of people or this type of business,’ and they’d do it,” BitDefender Chief Security Strategist Catalin Cosoi said.
Avalanche targeted individuals as well as 40 major financial institutions to gain access to sensitive personal information such as user credentials and banking information and run “money mule” schemes where criminals recruited people to transport and launder stolen money or merchandise.
The U.S. Computer Emergency Readiness Team said the malware only affects users running Microsoft Windows and shared a list of free scanning programs to allow individuals to check if their systems had been infected.