AVCheck Takedown Hits Cybercrime Malware Testing Network

Law enforcement agencies from the U.S., Europe, and other international partners have dismantled AVCheck, a cybercriminal platform used to test and encrypt malware to evade antivirus detection. Officials seized four domains and associated servers as part of Operation Endgame, a multinational crackdown on malware infrastructure.

AVCheck offered counter-antivirus (CAV) services and crypting tools, enabling cybercriminals to obscure malware and bypass security systems. Authorities say these services were instrumental in supporting ransomware groups that targeted victims globally, including in the Houston metropolitan area.

Undercover purchases and digital forensics linked the platforms to known threat actors. Investigators reviewed emails and digital evidence to confirm the services’ criminal use.

The FBI’s Houston Field Office led the U.S. component, with support from the Netherlands, Finland, and the U.S. Secret Service. The operation reflects a growing focus on dismantling the infrastructure that enables cyberattacks, not just pursuing individual hackers.