Operation Endgame Disrupts AvCheck, Forces Threat Actors to Seek Alternatives

Law enforcement agencies recently took avcheck[.]net offline as part of Operation Endgame, a major international effort against cybercrime infrastructure. The platform was a so-called no-distribute scanner: cybercriminals uploaded their packed malware to see how many antivirus engines flagged it, with the assurance that samples would not be shared with the vendors, so they could confirm evasion without handing defenders the sample that a public service such as VirusTotal would forward to the AV industry.

With AvCheck now offline, eSentire’s Threat Response Unit (TRU) has observed cybercriminals shifting to alternative platforms like scanner[.]to, kleenScan[.]com, and avscanner[.]org, which offer similar capabilities for testing malware against multiple antivirus engines.

Threat Actor Methodology

Cybercriminals who provide or use “crypting” services (where malware is encoded or “packed” to evade detection before being distributed to victim machines) typically follow a systematic testing process:

  1. They begin by using a crypter to pack (or disguise) their original but detectable malware
  2. The newly packed malware is then uploaded to scanning services to test against antivirus (AV) and endpoint detection and response (EDR) systems
  3. Based on the scan results, they either:
    • Proceed with distribution, if few or no security tools detect the malware
    • Or, if detection rates are too high, return to step one to try different packing methods

This cycle continues until the threat actors achieve their desired level of evasion.

To read the complete article see:
Operation Endgame Disrupts AvCheck, Forces Threat Actors to Seek Alternatives

This post is licensed under CC BY 4.0 by the author.