US Takes Down Four Domains Linked to Cybercrime Encryption Services

Global law enforcement operation targets malware encryption tools in coordinated takedown.

International operation disrupts cybercrime infrastructure

US authorities, alongside European partners, have seized four internet domains allegedly used by cybercriminals to obfuscate malicious software from antivirus detection.

The operation, announced on May 27 by the US Department of Justice (DoJ), targeted websites providing so-called “crypting” and counter-antivirus (CAV) services. Threat actors generally use these tools to circumvent traditional security systems.

The operation was carried out in partnership with authorities from the Netherlands, Finland, France, Germany, Denmark, Portugal, and Ukraine, as part of Operation ENDGAME, a sustained global effort against cybercriminal infrastructure.

Domains hosting evasion tools taken down

The seized domains, AvCheck[.]net, Cryptor[.]biz, Crypt[.]guru, and one unnamed website were taken offline and now display official seizure notes.

Investigators say that undercover agents tested the illicit services by making controlled purchases to confirm their active role in facilitating cybercrime.

“Court documents also allege authorities reviewed linked email addresses and other data connecting the services to known ransomware groups that have targeted victims both in the United States and abroad, including in the Houston area,” reads the DoJ announcement.

According to Dutch officials, AvCheck[.]net stood out as one of the most heavily used CAV platforms in the world, offering users scans against dozens of antivirus engines.

Growing use of MaaS tools raises alarm

The takedown follows actions targeting the infrastructure behind other major malware campaigns. In recent weeks, authorities have disrupted Lumma Stealer, a widely used credential-harvesting tool, and dismantled parts of the QakBot and DanaBot networks.

“Cybercriminals don’t just create malware; they perfect it for maximum destruction, said FBI Houston Special Agent in Charge Douglas Williams. By leveraging counter antivirus services, malicious actors refine their weapons against the world’s toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims’ systems.”

Staying protected against cyber threats

Protecting your digital assets against crypted malware often requires more than just antivirus software. Keeping your antivirus solution up to date is crucial, as modern cybercriminals routinely adapt their techniques to disguise malicious code and bypass outdated defenses.

Using a robust solution like Bitdefender Ultimate Security can shield you from viruses, worms, Trojans, ransomware, spyware, zero-day exploits, rootkits, and other digital intrusions. Its key features include complete, real-time protection, behavioral analysis for active apps, network threat prevention, cryptomining protection, and AI-powered scam detection.