An international law enforcement operation has taken Avcheck down, a service used by the cyber criminal to test whether their malware is detected by commercial antivirus software before deploying their malware into the wild.
The official domain of service on avcheck.net now displays a seizure banner with the Creles of US Justice Department, FBI, US Secret Service and Dutch Police (Polity).
According to an announcement on the Polity website, the Evchec was one of the international largest counter antivirus (CAV) services, which helped cyber criminals assess their malware secret and theft.
“Offline of avcheck service is an important step in dealing with organized cyber crime,” Said that the maths of polity,
“With this (action), we disrupt cyber criminals as soon as possible in our operation and prevent victims.”
Source: Bleepingcomputer
Investigators have also found evidence connecting Evchek’s administrators to crypting services cryptors and crypt. Guru. The East has also been seized by the authorities, while the latter is offline.
Crypting services help malware writers/operators to encrypted their payload or obfusket to make them undesirable by antivirus, so they are part of the same ecosystem.
Cyber criminals use a crypting service to remove their malware, test it on Avcheck or similar Cav services, to see if it is undesirable, and only then they deploy it against their goals.
Prior to Avcheck’s takedown, the police laid a fake login page, warning users who tried to log in to the legal risks associated with using service.
An announcement by the US Department of Justice ecoses the statements of the importance of eliminating and eliminating the encrypting services, which they say that took place on 27 May 2025.
“Cyber criminals do not only make malware; they correct it for maximum destruction,” FBI Special Agent Douglas Williams said,
“By taking advantage of counter antivirus services, the malicious actor refines his weapons against the world’s most difficult security systems, which better slipping the previous firewall, exiting forensic analysis and wreaking havoc in the systems of the victims.”
To highlight the illegal nature of Avcheck and find links for ransomware attacks targeting American institutions, from the work of undercover agents shopping on these services, was presented as customers.
“According to the affidavit filed in support of these seizures, the authorities read undercover purchases from the seized websites and analyzed the services, confirming that they were designed for cyber crime, reading the announcement of the Department of Justice.
“The court documents allege that the authorities reviewed the linked email addresses and other data, which connect the services to the known ransomware groups, which have targeted victims in the United States and abroad, including the Houston region.”
The action was part of the operation andge, which was a large -scale international law enforcement action, which recently seized 300 servers and 650 domains, which was used to facilitate ransomware attacks.
The same operation previously disrupted the operation widely popular (between cyber criminal) danabot and smeokeloader malware operations
Based on the analysis of 14M malicious tasks, search for the top 10 MITERAT & CK techniques behind the 93% attacks and how to defend them against them.
