Computer code
Crypter services are sold to cybercriminals so they can hide malware Unsplash

Two years after bringing down a cybercrime operation selling access to two tools designed to help malware evade detection by anti-virus software, Europol, the primary law enforcement agency of the European Union, has announced six more arrests have been made.

The multi-phase operation, codenamed Neuland, was spearheaded by German police with technical support from Europol's European Cybercrime Centre (EC3). It focused on customers of the same tools – one "counter anti-virus platform" and one "crypter" service.

The software is used by hackers and digital thieves to disguise viruses, keyloggers and remote Trojans and ensure they remain hidden from antivirus software.

The latest stage of the investigation resulted in 36 suspects being interviewed across six EU countries.

The takedown operation, which took place 5-9 June 2017, involved 20 house searches and boasted participation from police forces in the UK, Cyprus, Italy, the Netherlands and Norway.

Europol has not yet revealed the names of the cybercrime services being targeted but confirmed a "large number" of devices had been seized.

"Europol's European Cybercrime Centre provided extensive support for secure information exchange, the preparation of the target packages per country, and in-depth malware analysis," the EU crime fighting agency said in a statement this week (14 June).

"This case is an excellent example of how local police forces can benefit from cooperating with Europol to execute impactful nationwide and international actions against cybercriminals," it continued, adding that the incident shows the danger posed by the "crime-as-a-service" model.

The first phase of the operation, also orchestrated by German police with support from Europol, was executed on 5 April 2016 and specifically targeted the operators of the two counter anti-virus and a crypter services, as well as a slew of German customers who had purchased the tools.

A 22-year-old suspect was arrested and imprisoned, while 170 suspects had their premises searched by police. Internationally, more than 300 computers were seized from raids across the Netherlands, France and Canada. The average age of the suspects was just 23.

In 2015, mere months after the first phase of Neuland was launched, the UK's National Crime Agency (NCA) apprehended two suspects accused of operating a website selling similar services.

The website in question - reFUD.me - provided a number of functions, both free and for charge, which allowed malware developers to scan illegal files. If a piece of malware was detected, changes could be made by the developer to make the file 'fully undetectable'.

The NCA said more than 1.2 million scans had been conducted on the service in less than a year.