International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group.
This joint action (supported by Europol and Eurojust) was part of Operation Endgame, a major law enforcement operation targeting cybercrime now aimed at disrupting a key infection chain linked to Evil Corp.
Authorities from the Netherlands (NHCTU), Canada (RCMP), the United States (FBI), and Germany (BKA) cleaned SocGholish malware infections from 14,971 compromised WordPress websites and took 106 servers and domains offline.
While the Dutch police removed the malware and backdoors from the infected sites, it also advised the website owners to change their credentials, enable multi‑factor authentication, delete any unknown WordPress accounts, and keep their WordPress site up‑to‑date.
"With these actions we deprive cybercriminals of access to infected computer systems. This prevents further damage to the digital systems of citizens, businesses and organizations worldwide and limits the spread of malware," said Maikel Rollman, of the Netherlands' National High Tech Crime Unit.
