Dutch Police Lead Shut Down of Counter AV Service AVCheck

European and American law enforcers claim to have taken offline one of the world’s most prolific Counter Antivirus (CAV) services.

AVCheck allowed malware developers to check whether their code would be detected by commercial antivirus tools, enabling them to design more covert and effective offerings.

The operation was announced on Friday by the Dutch Politie, which said it had cooperated with American and Finnish law enforcers to take the service down and thereby disrupt a key part of the cybercrime ecosystem.

Matthijs Jaspers, team leader at the Dutch National High Tech Crime Unit, said the operation marked an “important step” in the fight against cybercrime.

“This will disrupt cybercriminals as early as possible in their operations and prevent victims. In recent years, the investigation has also collected important evidence about the administrators and users of the AVCheck service and the associated services Cryptor.biz and Crypt.guru,” he added.

Read more on Operation Endgame: Europol-Led Operation Endgame Hits Botnet, Ransomware Networks

A seizure notice written in English and Russian revealed that the operation had been made possible “by exploiting the mistakes of the admins.”

It added that, “The admins did not provide the security they promised. Law enforcement took the servers of AVCheck offline and seized the user database with user information (amongst which usernames, email addresses, payment information and more).”

Investigators will now be combing through that intelligence to track down criminal users of the popular CAV service.

The takedown, which occurred on May 27, was “closely related” to the broader Operation Endgame initiative launched in May 2024 to disrupt the criminal networks behind initial access malware such as IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. 

“Cybercriminals are difficult to track down. That is why it remains crucial to invest in a broad approach to stay one step ahead of them,” said Jaspers.

“National and international intervention and public-private partnerships are becoming increasingly important – with the aim of combating victims, stopping crimes and preventing online crime from growing. We do not only focus on our traditional task of detection and prosecution, but also on other types of interventions to increase digital security.”

A US Department of Justice (DoJ) release echoed similar sentiments.

“Modern criminal threats require modern law enforcement solutions. As cybercriminals have become more sophisticated in their schemes, they have likewise become more advanced in their efforts to avoid detection,” said US attorney Nicholas Ganjei.

“As such, our law enforcement efforts must involve striking not just at the individual fraudster or hacker, but the enablers of these cybercriminals as well. This investigation did exactly that. With this syndicate shut down, there is one less provider of malicious tools for cybercriminals out there.”