Dutch police believe they have arrested a man behind the AVCheck online platform – a service used by cybercrims that Operation Endgame shuttered in May.
The country’s public prosecutor’s office (LP) issued a statement on Monday, confirming the arrest of a 33-year-old Dutchman in connection with its investigation into the malware service, without specifying it or the man by name.
Officials said he was arrested at Schiphol Airport in Amsterdam on Sunday evening, but did not reveal what he was doing there. The unnamed individual did, however, deregister in the Netherlands around the time of the AVCheck bust and fled to the United Arab Emirates, the LP said.
“The suspect had been under international surveillance for some time when he was arrested by the Royal Netherlands Marechaussee at Schiphol Airport on Sunday,” it said. “Data storage devices belonging to the man were seized.”
The alleged AVCheck mastermind and two companies tied to him are suspected of enabling cybercriminals and malware developers to access the online platform.
AVCheck was taken down on May 27, 2025, as part of Operation Endgame’s second burst of operational activity.
The takedown was coordinated between authorities in the Netherlands, United States, and Finland, and the intelligence gathered from that led to the identification of, and resulting investigation into, the man now in custody.
AVCheck was a website criminals used to test their malware against different antivirus providers’ products to see which detection systems it could evade.
It essentially gave baddies a tool to see which organization was worth targeting based on the information gathered during an attack’s reconnaissance phase.
The platform was described as one of the largest counter-antivirus (CAV) services in the world, and played a significant role in the cybercrime ecosystem.
“Cybercriminals don’t just create malware; they perfect it for maximum destruction,” said Douglas Williams, special agent in charge at FBI Houston at the time.
“By leveraging counter-antivirus services, malicious actors refine their weapons against the world’s toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims’ systems.” ®
