International authorities have taken down AVCheck in major cybercrime operation. (Photo: Paul Brady Photography/Shutterstock)
An extensive international law enforcement operation has dismantled AVCheck, a notorious platform that cybercriminals used to test whether their malware would evade commercial antivirus software before deployment. The website avcheck.net now displays a seizure notice bearing the emblems of the US Department of Justice, the FBI, the US Secret Service, and the Dutch police (Politie).
According to a statement from Politie, AVCheck was recognized as one of the largest counter antivirus services worldwide, providing crucial support to cybercriminals in evaluating the stealth and evasion capabilities of their malicious software.
“Taking the AVCheck service offline marks an important step in tackling organized cybercrime,” remarked Matthijs Jaspers of Politie. “With this action, we disrupt cybercriminals as early as possible in their operations and prevent victims.”
Investigators have uncovered connections between the administrators of AVCheck and crypting services such as Cryptor.biz and Crypt.guru. While Cryptor.biz has already been seized by authorities, Crypt.guru is currently offline. These crypting services are instrumental in assisting malware developers to encrypt or obfuscate their payloads, rendering them undetectable by antivirus solutions. This intricate ecosystem enables cybercriminals to disguise their malware, test its efficacy on platforms like AVCheck, and deploy it only when it remains undetected.
Law enforcement warns users of legal risks before AVCheck shutdown
Prior to the takedown of AVCheck, law enforcement agencies placed a fake login page on the site to warn users about the legal consequences of using such services. An announcement from the US Department of Justice underscores the importance of dismantling AVCheck and the associated crypting services, noting that the operation was executed on May 27, 2025.
“Cybercriminals don’t just create malware; they perfect it for maximum destruction,” stated FBI Houston Special Agent Douglas Williams. “By leveraging counter antivirus services, malicious actors refine their weapons against the world’s toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims’ systems. As part of a decisive international operation, FBI Houston helped cripple a global cyber syndicate, seize their most lethal tools, and neutralize the threat they posed to millions around the world.”
Undercover agents, posing as clients and engaging in transactions on these illicit services, have revealed the illegal nature of AVCheck and its connections to ransomware attacks targeting American entities.
“According to the affidavit filed in support of these seizures, authorities made undercover purchases from seized websites and analyzed the services, confirming they were designed for cybercrime,” the Department of Justice announcement stated. “Court documents also allege authorities reviewed linked email addresses and other data connecting the services to known ransomware groups that have targeted victims both in the United States and abroad, including in the Houston area.”
Recently, the FBI issued a warning regarding the Silent Ransom Group (SRG), which has escalated its extortion activities aimed at law firms throughout the US over the past two years. Also known as Luna Moth, this group employs tactics such as callback phishing and social engineering to unlawfully infiltrate legal practices’ systems, with the intent of stealing sensitive data for ransom.