UPDATED 18:29 EDT / MAY 30 2024

Law enforcement task force shuts down six malware droppers

An international law enforcement task force has disrupted the infrastructure behind six malware droppers, malicious programs that play a key role in hacking campaigns.

Europol, which led the task force, announced the development today. The effort included hundreds of law enforcement officials from Denmark, France, Germany, the Netherlands, the U.K., and the U.S. Europol described the takedown as the largest-ever operation against botnets.

“Europol facilitated the information exchange and provided analytical, crypto-tracing and forensic support to the investigation,” the agency detailed. “The command post at Europol facilitated the exchange of intelligence on seized servers, suspects and the transfer of seized data.”

Hackers often don’t transmit malware directly to their targets’ networks, but rather send it inside a software package known as a dropper. The dropper’s purpose is to camouflage the malware in a way that makes it more difficult for companies’ cybersecurity systems to detect. That is often achieved by making the malicious program appear to be a legitimate application.

In some cases, droppers also perform other tasks. Such programs sometimes carry out code obfuscation, which is the process of making malware less susceptible to reverse engineering. That makes it more difficult for cybersecurity professionals to understand malicious programs’ code and thereby complicates breach prevention efforts.

In the takedown detailed today, the Europol-led task force shut down or disrupted more than 100 servers that were used to spread malware droppers. The machines were scattered across nearly a dozen countries. Officials also seized 2,000 domain names.

According to Europol, the disrupted infrastructure powered six of the most well-known malware droppers in the cybercrime ecosystem: IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. Officials made four arrests in connection with the droppers and added eight fugitives to Europe’s Most Wanted list.

It’s estimated that the disrupted hacking operation caused hundreds of millions of dollars’ worth of damage. The cybercriminals targeted individuals, companies and government agencies.

“This approach had a global impact on the dropper ecosystem,” Europol stated. “The malware, whose infrastructure was taken down during the action days, facilitated attacks with ransomware and other malicious software.”

The development comes a day after the U.S. Justice Department revealed that it had disrupted a botnet believed to be one of the largest of its kind in the world. The botnet, which was known as 911 S5, infected millions of computers using malware spread through virtual private network tools. Law enforcement officials arrested the botnet’s operator and disrupted the servers that powered the malware.

Image: TheDigitalArtist/Pixabay