The Cybercrime Prosecution Division of the Headquarters participated in the international operation codenamed “Operation Endgame”, which resulted in the arrest in our country of a key suspect for the creation and sale of RAT (Remote Access Trojan) malicious software.
The operation was coordinated by Eurojust and involved police and judicial authorities from Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the United Kingdom and the United States, with the support of over 30 national and international public and private agencies.
The purpose was to shut down infrastructure responsible for infecting thousands of computers with malware.
The Greek contribution
The Cybercrime Prosecution Directorate also participated in the operation, through the collection of data on the said criminal activity from an internet user in Greece.
Specifically, the suspect arrested in Athens was alleged to be the creator and seller of a program designed to steal information through keystroke logging, remote webcam use, text file penetration, and cryptocurrency wallet hacking. In fact, the sale of the malicious software was made depending on the desired duration of use and the services provided from 150 euros/month to 1550 euros/12 months.
The evidence collected was brought to the attention of the competent prosecuting authority, which ordered a preliminary examination.
From the further thorough investigation by the police officers of the Cybercrime Prosecution Directorate and the utilization of information received from foreign and local companies, a 38-year-old foreigner was identified and his place of residence in the Attica area was ascertained.
Subsequently, as part of a prosecutor’s order, following a request for a European Investigation Order from the French authorities and in cooperation with Europol and Eurojust, a search was carried out on 3/11/2025 at the home of the accused, in the presence of a judicial officer, with the participation of representatives of the FBI as observers, of the Police Directorate of the Paris Judicial Police as witnesses to the investigation, as well as police officers of the Directorate Criminal Investigations.
The seized items and the computer search
From the investigation, the following were found and seized:
-11 debit bank cards of foreigners and Greek banking institutions, of which 1 is a ledger card (mastercard) to which money is transferred from cryptocurrency wallets,
-the monetary amount of 205 euros and the amount of 8,134.56 euros in cryptocurrencies,
digital wallet recovery words engraving metal plate packaging,
-7 hard drives,
-5 mobile phones,
-3 external USB storage drives – -and digital hardware wallet, with a total amount of crypto-currencies corresponding to $140,424.78.
In addition, during the on-site search of the defendant’s computer, different versions of malware source code were found, while management of a website promoting the RAT malware, as well as electronic email accounts, cryptocurrencies and other items linking him to the said illegal activity were found.
The operation of the website in question managed by the accused was stopped.
The file that was created
A case file was filed against him for the prohibition of the circulation of software, monitoring devices and other data, violation of the privacy of telephone and oral conversations, illegal access to computer systems on a professional and regular basis, as well as for violation of the legislation on the prevention and suppression of money laundering.
The arrested person was taken to the competent prosecuting authority and was referred to an Investigator, from where he was deemed a temporary prisoner and taken to a Detention Center.
At the same time, a European Arrest Warrant was issued by the French Authorities, based on which an Arrest and Temporary Detention Order was issued by the competent Court of Appeal.
It is noted that, during the International Operation “Operation Endgame”, 10 more investigations were carried out, of which 9 in the Netherlands and 1 in Germany, access to 1,025 servers (servers) internationally was interrupted and 20 websites (domains) were seized.
Citizens can check if their computer is infected and access information on what actions to take at politie.nl/checkyourhack and haveibeenpwend.com.
