RCMP Alert: Global Cyber Operation Disrupts Major Malware Networks
Section 1: Community Cyber Safety Alert
The RCMP Federal Policing Pacific Region Cybercrime Investigation Team – Vancouver (CIT-V) has played a leading national role in a sweeping global cyber operation targeting the SocGholish malware network and related criminal infrastructure. This coordinated enforcement action, conducted during a dedicated international action week, focused on malicious software that deceives users into installing harmful files disguised as legitimate system updates.
This joint effort, known as Operation Endgame, brought together law enforcement agencies from multiple countries to clean infected WordPress sites, disrupt malware distribution, and notify affected victims. The operation significantly weakened several major cybercrime tools, including SocGholish, Amadey, and StealC, which have been used worldwide to harvest credentials, spread additional malware, and enable financial theft.
Section 2: Official Details from RCMP and Partners
The CIT-V team dedicated coders, analysts, investigators, and project managers to the international project, focusing on the technical backbone that enabled these malware families to spread. Their work helped dismantle infrastructure that had been used to trick unsuspecting users into downloading malicious files masquerading as routine updates.
The final operational results reported by law enforcement include:
- Over $66 million CAD (40 million EUR) in suspected criminal crypto assets identified, flagged, and restricted from further use.
- Recovery of up to 27 million stolen login credentials linked to compromised users around the world.
- Law enforcement actions taken against 36 servers and 142 domains, significantly disrupting the malware distribution network.
- Remediation of approximately 15,000 compromised websites, with work undertaken to ensure these sites could be considered secure.
Participating countries and agencies included:
- Federal Bureau of Investigation (FBI), United States of America
- National Crime Agency (NCA), United Kingdom
- Danish Police (Politi), Denmark
- Federal Criminal Police Office (BKA), Germany
- National High Tech Crime Unit (NHTCU), Netherlands
The operation also involved cooperation with Europol and Eurojust, as well as multiple private-sector partners. This public–private collaboration has raised the difficulty level for cybercriminals who rely on large-scale infrastructure to deploy malware and steal data.
Incidents of cyber-enabled crime can impact individuals and organizations in every community, from large cities to smaller municipalities. For example, residents reviewing local risk profiles through resources like the Strong, Ontario crime statistics and safety data can better understand how digital and traditional crime trends intersect in their area.
Section 3: CrimeCanada.ca Safety Perspective
From the perspective of CrimeCanada.ca, this operation underscores how cybercrime is now a core public safety issue for communities across Canada. Malware such as SocGholish, Amadey, and StealC is designed to silently capture passwords, spread further infections, and enable fraud and extortion. Even when major global infrastructure is disrupted, individuals and businesses must continue to strengthen their own defenses.
To reduce your risk from similar threats, Canadians should be cautious of any prompt to install updates that does not come directly from their operating system or trusted app store, avoid downloading files from unfamiliar websites, and use unique, strong passwords with multi-factor authentication wherever possible. Monitoring local safety information, including tools like our Malahide, Ontario crime and safety statistics, can help connect national cybercrime trends to the realities on the ground in your community. Our mission is to make complex operations like Operation Endgame understandable so that residents can take practical steps to protect their accounts, devices, and families.
Official Source & Community Safety
This safety alert is based on an official release from the Royal Canadian Mounted Police (RCMP). CrimeCanada.ca aggregates and analyzes this data to keep the Canadian community informed, aware, and safe. We are an independent safety data aggregator and not the original creators of the underlying incident report.
Read the full official release here: RCMP Official Statement.
