Law enforcement agencies across eight nations struck a decisive blow against cybercriminal infrastructure on May 27, 2025, seizing four critical domains that facilitated malware distribution and evasion techniques. The U.S. Department of Justice led the multinational operation, targeting domains including AvCheck[.]net, Cryptor[.]biz, and Crypt[.]guru, which now display federal seizure notices.
The coordinated effort involved authorities from the United States, Netherlands, Finland, France, Germany, Denmark, Portugal, and Ukraine, demonstrating unprecedented international cooperation against transnational cybercrime. Undercover law enforcement purchases confirmed these platforms provided crypting and counter-antivirus services, allowing criminals to test and conceal malware from security software before deployment. Zero-day exploits remain a significant concern as cybercriminals constantly seek new vulnerabilities to exploit.
AvCheck represented one of the world’s largest counter-antivirus services, serving a global clientele of threat actors who relied on its obfuscation capabilities. The seized domains operated as a specialized syndicate, offering tools that made malware virtually invisible to antivirus solutions, aiding unauthorized system access and data theft across international networks.
AvCheck operated as a global syndicate providing sophisticated obfuscation tools that rendered malware virtually undetectable to antivirus systems worldwide.
The takedown notably disrupts cybercriminal operations by eliminating access to sophisticated evasion technologies. Without these crypting services, malware faces increased detection rates, forcing criminals to seek alternative, potentially less effective resources. This uncertainty undermines coordination within criminal networks and impedes their service delivery capabilities.
The operation addresses a critical component of the broader cybercrime ecosystem, which continues expanding at alarming rates. Global cybercrime costs project to reach $10.5-$12 trillion annually by 2025, with cyberattack volumes rising 30% in Q2 2024 alone. Business email compromise scams have generated over $55 billion in losses across a decade, while cryptocurrency addresses linked to criminal activity received approximately $51 billion in stolen funds during 2024. The growing threat is particularly concerning as 71% of cyber leaders believe that risks outpace small businesses’ cybersecurity capabilities.
Despite these enforcement successes, law enforcement faces substantial challenges, recovering only around 2% of illicit criminal proceeds. The seized domains served both domestic and international cybercriminal clientele, highlighting the global scale of malware evasion services and the continuing need for multinational cooperation in dismantling criminal infrastructure that supports large-scale cyberattacks. Organizations involving law enforcement in cybersecurity incidents can save an average of $1 million in ransom payments, demonstrating the financial benefits of cooperation between private sector and authorities.
