Europol announced today that police across Europe arrested six users who were customers of a malware crypter service and a counter anti-virus platform developed by a 22-year-old German man.
The arrests are the result of a one-year-long cross-country operation codenamed Operation Neuland that started in April 2016, when German police arrested the unnamed German man in the city of Koblenz.
At the time, German police carried out one of its biggest operations, deploying 700 police officers across all 16 German federal states to carry out home searches at 175 homes, owned by 170 suspects. At the time an unknown number of searches also took place in the Netherlands, France, and Canada.
German police say they seized over 300 computers, and a second individual was also arrested.
As investigators shared and rummaged through data from this initial phase of Operation Neuland with other law enforcement entities from across the globe, they uncovered new suspects.
According to Europol, authorities in Cyprus, Italy, the Netherlands, Norway, and the United Kingdom, moved in and arrested six new suspects.
The arrests took place last week, between June 5 and June 9 June, officers searched 20 houses, seized an undisclosed number of electronic devices, and also interrogated 36 additional suspects.
Europol did not reveal the name of the services the German man created.
A crypter is an application that helps developers protect their code against reverse engineering. While it has legitimate uses, there are many crypters offered on hacking forums and the cybercrime underground that are specifically designed to protect the code of malware applications.
A counter anti-virus platform is a service that allows cybercriminals to test malware against antivirus products before releasing it in the wild, limiting its exposure. Counter anti-virus platforms have been created in recent years as alternatives to services like VirusTotal, on which security researchers keep a close eye on.
This is not the first time when operators of malware crypter services have been arrested. In November 2015, UK police apprehended the two operators of the reFUD.me service, which sold the "Cryptex" malware crypter toolkit, and all its variants, known as Cryptex Lite, Cryptex Advanced, and Cryptex Reborn.