Korean police arrest Lithuanian KMSAuto malware suspect
Law Enforcement
Summary
Hide ▲
Show ▼
South Korean police arrested a Lithuanian national in a KMSAuto malware case, escalating a cross-border probe into clipboard-stealing attacks and crypto theft. Investigators say the malware was disguised as an illegal Windows and Office activator and was used to infect 2.8 million systems. The arrest matters because the alleged operation reached virtual-asset users and caused about KRW 1.7 billion ($1.2 million) in losses.
Related Happenings
StealC and Amadey infostealer infrastructure disruption
Malware Activity
H score69
First: 24.06.2026 18:25
Last: 24.06.2026 18:25
Sources 1
About this happening:
**StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...
StealC and Amadey infostealer infrastructure disruption
Malware ActivityAbout this happening: **StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...
Operation Endgame takedown of Amadey and StealC infrastructure
Law Enforcement
H score66
First: 24.06.2026 18:02
Last: 24.06.2026 18:02
Sources 1
About this happening:
An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...
Operation Endgame takedown of Amadey and StealC infrastructure
Law EnforcementAbout this happening: An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...
DoJ Disruption Week crypto fraud takedown
Law Enforcement
H score46
First: 04.06.2026 09:06
Last: 04.06.2026 09:06
Sources 1
About this happening:
Authorities **arrested** seven scammers in Thailand and disrupted a **crypto fraud** network tied to **Disruption Week**, expanding pressure on transnational scam operations targe...
DoJ Disruption Week crypto fraud takedown
Law EnforcementAbout this happening: Authorities **arrested** seven scammers in Thailand and disrupted a **crypto fraud** network tied to **Disruption Week**, expanding pressure on transnational scam operations targe...
Operation KRATOS 2 streaming piracy crackdown
Law Enforcement
H score55
First: 03.06.2026 13:12
Last: 03.06.2026 13:12
Sources 1
About this happening:
**European and international law enforcement** dismantled **nine organized crime groups** and arrested **29 suspects** in **Operation KRATOS 2**, a cross-border crackdown on **ill...
Operation KRATOS 2 streaming piracy crackdown
Law EnforcementAbout this happening: **European and international law enforcement** dismantled **nine organized crime groups** and arrested **29 suspects** in **Operation KRATOS 2**, a cross-border crackdown on **ill...
Microsoft civil action against Fox Tempest infrastructure takedown
Regulatory/Legal Action
H score24
First: 19.05.2026 18:00
Last: 19.05.2026 18:00
Sources 1
About this happening:
Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...
Microsoft civil action against Fox Tempest infrastructure takedown
Regulatory/Legal ActionAbout this happening: Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...
Timeline
-
29.12.2025 21:25 2 articles · 6mo ago
Initial report: Korean police arrest Lithuanian KMSAuto malware suspect
Initial DisclosureThe case began in **August 2020** after a report of **clipper malware** swapping cryptocurrency wallet addresses, launching an investigation that later connected the activity to a cross-border suspect and arrest.
Show sources
- Hacker arrested for KMSAuto malware campaign with 2.8 million downloads — www.bleepingcomputer.com — 29.12.2025 21:25
- Hacker arrested for KMSAuto malware campaign with 2.8 million downloads — www.bleepingcomputer.com — 29.12.2025 21:25