“compiled: Elmili TK”
An RCMP cybercrime operation has targeted a major international malware network after Canadian investigators joined a global crackdown against cybercriminals linked to the Russian hacking group Evil Corp. Authorities announced Friday that the coordinated action disrupted a large-scale malware campaign responsible for infecting thousands of websites and tricking users into downloading malicious software. Officials say the operation targeted one of the most active cybercrime infrastructures operating across multiple countries.
The Royal Canadian Mounted Police confirmed that investigators worked alongside law enforcement agencies in the Netherlands, the United States, and Germany. The coordinated effort formed part of an international campaign known as Operation Endgame. Investigators focused specifically on SocGholish malware, a dangerous cyber threat designed to impersonate legitimate software updates and silently compromise victims’ systems. Authorities say cybercriminals used this malware to gain unauthorized access to sensitive data and computer networks worldwide.
SocGholish malware exploited thousands of websites
Investigators found that hackers primarily spread the malware by compromising WordPress websites. Once attackers gained access, they altered website code and displayed fake browser update notifications to unsuspecting visitors. These pop-up messages convinced users to download files disguised as urgent security or software updates. However, once installed, the files allowed hackers to infiltrate systems and steal valuable information.
Security experts say this tactic remains highly effective because many users instinctively trust update notifications that appear while browsing online. Criminal groups often design these fake alerts to closely resemble legitimate browser warnings. As a result, even experienced internet users can fall victim if they act too quickly.
International crackdown disrupts criminal infrastructure
Dutch police released additional details about the operation and described the scale of the global enforcement effort. Authorities successfully shut down 106 servers and internet domains connected to the malware campaign. Investigators also cleaned nearly 15,000 compromised websites and removed malicious code from infected WordPress installations. In addition, officials contacted victims and warned website administrators about potential security breaches.
Law enforcement agencies say the operation significantly weakened the cybercriminal network supporting Evil Corp. However, cybersecurity experts caution that similar groups often rebuild infrastructure quickly and continue adapting their attack methods. Because of that, authorities continue monitoring related networks for future threats.
Officials urge stronger online security practices
Following the operation, investigators issued several urgent cybersecurity recommendations. Authorities urged WordPress site owners to immediately change account credentials and activate multi-factor authentication. Security teams emphasized that strong authentication adds an extra defense layer against unauthorized access attempts.
Officials also warned internet users never to trust browser pop-ups demanding immediate software updates. Cybercriminals frequently exploit urgency and fear to trick people into dangerous downloads. Experts recommend downloading updates only through official software providers or trusted system settings.
The RCMP said cybercrime threats continue evolving rapidly, which makes international cooperation increasingly essential. As global cyberattacks grow more sophisticated, coordinated operations like this one play a critical role in protecting digital infrastructure and preventing large-scale data theft.