Dutch police have arrested a 33-year-old man at Amsterdam’s Schiphol Airport, allegedly the mastermind behind AVCheck. This arrest marks the newest victory for Operation Endgame, a world mission that has dismantled main malware networks like DanaBot and Rhadamanthys.
The seek for the individual behind a harmful testing floor for hackers has formally ended within the Netherlands. In accordance with official stories, the Royal Netherlands Marechaussee, the nation’s navy police, arrested a 33-year-old man believed to be the top of a large felony service, AVCheck.
The arrest befell at Schiphol Airport in Amsterdam this previous Sunday night. The suspect had reportedly been dwelling within the United Arab Emirates (UAE) for a while, however he was caught the second he returned to the Netherlands.
What was his alleged crime?
In accordance with the Dutch Police’s press launch, the person is allegedly the individual behind AVCheck, a malware screening web site. Earlier than criminals despatched out malware, they’d add it to AVCheck to see if it might be caught by antivirus software program.
If the antivirus discovered it, the hackers would hold altering their code till it was invisible. This allegedly allowed them to interrupt into computer systems and steal knowledge with out anybody understanding. To your info, this service is believed to have helped criminals refine harmful instruments just like the Lumma Stealer, which is used to grab folks’s non-public login particulars.
How they caught him
This arrest was a significant win for an enormous worldwide mission known as Operation Endgame. The Dutch police labored intently with the FBI and authorities in Finland to take the AVCheck web site down in mid-2025. The information discovered on the location’s servers led investigators straight to this suspect and two firms in Amsterdam that allegedly helped him run the platform.
Hackread.com has lined this large operation for years, noting its deep affect on the cybercrime world. Whereas this particular arrest is new, it follows a collection of profitable strikes in opposition to hacker networks.
As an example, in early 2024, police dismantled dropper networks like Smokeloader and Bumblebee, that are instruments used to secretly set up viruses on victims’ computer systems. In Could 2025, authorities efficiently took down the DanaBot community, which had contaminated 300,000 computer systems and precipitated an estimated $50 million in damages.
Most just lately, in November 2025, authorities shut down techniques utilized by teams like Rhadamanthys, which had focused hundreds of cryptocurrency wallets and stolen thousands and thousands of login particulars.
What occurs now?
Whereas these earlier missions focused the hackers themselves, this present arrest focuses on the one who allegedly supplied the instruments to assist these teams keep hidden. The suspect’s identify has not been launched to the general public to guard his privateness till a court docket really decides if he’s responsible.
When he was caught on the airport, the police seized his telephones and computer systems. Specialists are actually trying by means of these gadgets to see if he was serving to different well-known hacker teams. For now, he stays in custody because the investigation strikes into its subsequent part.
