The US government has taken down AvCheck.net, an antivirus-scanning service long exploited by cybercriminals to test and improve malware in order to evade detection on PCs. The domain now displays a seizure notice from the US Justice Department, FBI, and Dutch National Police, citing a seizure warrant from the US District Court for the Southern District of Texas.
According to the Justice Department, AvCheck.net and three related domains were seized as part of a law enforcement operation aimed at disrupting services that assist criminals in “obfuscating” malware. Undercover purchases confirmed that these websites were designed for illicit purposes. Authorities also traced email addresses and other data linking the services to ransomware groups targeting victims globally, including in the Houston area.
Dutch Police Join the Effort
The Dutch National Police confirmed their cooperation with US and Finnish forces in the takedown, calling AvCheck.net “one of the largest Counter Antivirus (CAV) services used by cybercriminals worldwide.” CAV services allow malware developers to check whether their malicious code will be detected by antivirus software, which is critical for launching successful cyberattacks undetected.
Archived versions of AvCheck.net reveal it offered access to 26 antivirus engines—Avast, Bitdefender, Kaspersky, among others—charging users based on scan volume.
The takedown is expected to significantly disrupt criminal operations. As part of the wider intervention, law enforcement created a fake login page to confront and warn AvCheck users, highlighting the admins’ failure to secure their platform. The operation also involved taking servers offline and seizing user data including usernames, email addresses, and payment information. The seizure page was available in both English and Russian.
This action is part of Operation Endgame, a multi-national effort dismantling infrastructure supporting Windows-based malware strains. The crackdown recalls a 2018 US conviction of a Latvian hacker who ran a similar malware testing service called Scan4you.
What The Author Thinks
Efforts like the AvCheck.net takedown demonstrate how crucial it is for law enforcement to stay ahead of cybercriminals who exploit advanced tools to perfect their attacks. However, as cybersecurity improves, hackers will continuously innovate, making such takedowns a necessary but ongoing battle rather than a one-time fix.
