Find notable cyber news and cases, enriched with sources, timelines, and signals.

Korean police arrest Lithuanian KMSAuto malware suspect

Law Enforcement
First reported
Last updated
Happening score
H score 58
1 unique sources, 1 articles

Summary

Hide ▲

South Korean police arrested a Lithuanian national in a KMSAuto malware case, escalating a cross-border probe into clipboard-stealing attacks and crypto theft. Investigators say the malware was disguised as an illegal Windows and Office activator and was used to infect 2.8 million systems. The arrest matters because the alleged operation reached virtual-asset users and caused about KRW 1.7 billion ($1.2 million) in losses.

Related Happenings

StealC and Amadey infostealer infrastructure disruption

Malware Activity
H score69 First: 24.06.2026 18:25 Last: 24.06.2026 18:25 Sources 1

About this happening: **StealC** and **Amadey** malware infrastructure was disrupted in **Operation Endgame**, cutting off the command-and-control services used to manage infected systems. Europol said...

Operation Endgame takedown of Amadey and StealC infrastructure

Law Enforcement
H score66 First: 24.06.2026 18:02 Last: 24.06.2026 18:02 Sources 1

About this happening: An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...

DoJ Disruption Week crypto fraud takedown

Law Enforcement
H score46 First: 04.06.2026 09:06 Last: 04.06.2026 09:06 Sources 1

About this happening: Authorities **arrested** seven scammers in Thailand and disrupted a **crypto fraud** network tied to **Disruption Week**, expanding pressure on transnational scam operations targe...

Operation KRATOS 2 streaming piracy crackdown

Law Enforcement
H score55 First: 03.06.2026 13:12 Last: 03.06.2026 13:12 Sources 1

About this happening: **European and international law enforcement** dismantled **nine organized crime groups** and arrested **29 suspects** in **Operation KRATOS 2**, a cross-border crackdown on **ill...

Microsoft civil action against Fox Tempest infrastructure takedown

Regulatory/Legal Action
H score24 First: 19.05.2026 18:00 Last: 19.05.2026 18:00 Sources 1

About this happening: Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...

Timeline

  1. 29.12.2025 21:25 2 articles · 6mo ago

    Initial report: Korean police arrest Lithuanian KMSAuto malware suspect

    Initial Disclosure

    The case began in **August 2020** after a report of **clipper malware** swapping cryptocurrency wallet addresses, launching an investigation that later connected the activity to a cross-border suspect and arrest.

    Show sources