In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals.

• ThreatLabz has developed a tool named SmokeBuster to detect, analyze, and remediate infections.
• SmokeBuster supports 32-bit and 64-bit instances of SmokeLoader and versions 2017-2022. The tool is compatible with Windows 7 to Windows 11.
• SmokeLoader is a malware downloader that originated in 2011. The malware is primarily designed to deliver second-stage payloads, which include information stealers and ransomware.
• Despite a major disruption by Operation Endgame in May 2024, SmokeLoader continues to be used by numerous threat groups largely due to numerous cracked versions publicly available on the internet.
• The last four versions of SmokeLoader contain coding flaws that significantly impact an infected system’s performance.

Between 27 and 29 May 2024 Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including, IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, whose infrastructure was taken down...

Continuing a string of successful botnet takedowns, on Thursday, May 30th 2024, a coalition of international law enforcement agencies announced "Operation Endgame". This effort targeted multiple botnets such as IcedID, Smokeloader, SystemBC, Pikabot and Bumblebee, as well as some of the operators of these botnets. These botnets played a key part in enabling ransomware, thereby causing damages to society estimated to be over a hundred million euros. This coordinated effort is the largest operation ever against botnets involved with ransomware.

Attackers are distributing malware using a technique that abuses the URL schema.