INTERPOL Shuts Down 20,000 Malicious IPs and Domains in Global Infostealer Crackdown

Online security should be a priority for everyone, especially those who are constantly connected to the internet. Individuals, businesses, and government institutions have to practice active and persistent online security to prevent attacks that could cause more than just financial losses. One simply has to check the news on personal data theft, ransomware attacks against hospitals, and government hacking to learn about the dangers of online attacks.

INTERPOL recently reported a successful operation targeting select individuals responsible for different types of attacks. Dubbed as “Operation Secure,” the international law enforcement agency worked with 26 countries to “locate servers, map physical networks and execute targeted takedowns.” The agency successfully arrested 32 individuals with active operations conducted from January to April 2025. Aside from arresting suspected individuals tied to cyber crimes, a total of 41 servers, 100 GB of data, and 20,642 total IP addresses were taken down.

These numbers are staggering, but what’s more disturbing is the number of victims notified: 216,058 victims were targeted. These victims could be individuals, businesses, or even government institutions. INTERPOL’s operation was largely conducted in select Asian countries. Individuals were arrested in Vietnam and Sri Lanka, while more than 110 servers in Hong Kong were investigated.

Uncovering the Work of Infostealers

INTERPOL’s work against these cybercriminals focuses on their work as infostealers. According to the Australian Cyber Security Centre, an infostealer is a “type of malware designed to secretly collect information from a victim’s device.” They are largely undetected and could be installed in a number of ways. A victim’s data that ranges from browser history, passwords, and computer information, such as IP address, could be stolen and used without authorization.

But stealing personal information is just a part of the cyber criminal activity. Some bad agents who have successfully stolen data from businesses and government entities with sensitive data are also selling the information. The information is also used for other activities, such as email fraud and ransomware.

An infostealer malware could be embedded in anything, and the victim will have no idea it works in the background to steal personal information. Mobile phone apps, browser extensions, computer software, modded games, and even websites could be used to embed an infostealer to an unsuspecting user.

Preventing Infostealer Attacks

A proactive approach against infostealers is the best way to protect your data online. An updated security software and tools are highly recommended because they come with the latest security patches. Malware such as infostealers is constantly adapting to the latest security measures. An updated security tool prevents these attacks from going through.

It’s also highly recommended to be fully aware of what to download and click. Suspicious emails, especially with links and downloads, should be reported immediately, and only official apps and software should be used. Modded apps or software from suspicious websites could come with an infostealer malware.

An infostealer malware is more than just a tool to monitor and steal your personal information. It is a nefarious malware that could easily threaten large institutions with its capability of locking and stealing sensitive data. While authorities are always on the lookout against these bad actors, a proactive approach to prevent these attacks is very important.