Dutch police have arrested a 33-year-old man at Amsterdam’s Schiphol Airport, allegedly the mastermind behind AVCheck. This arrest marks the latest victory for Operation Endgame, a global mission that has dismantled major malware networks like DanaBot and Rhadamanthys.
The search for the person behind a dangerous testing ground for hackers has officially ended in the Netherlands. According to official reports, the Royal Netherlands Marechaussee, the country’s military police, arrested a 33-year-old man believed to be the head of a massive criminal service, AVCheck.
The arrest took place at Schiphol Airport in Amsterdam this past Sunday evening. The suspect had reportedly been living in the United Arab Emirates (UAE) for some time, but he was caught the moment he returned to the Netherlands.
What was his alleged crime?
According to the Dutch Police’s press release, the man is allegedly the person behind AVCheck, a malware screening website. Before criminals sent out malware, they would upload it to AVCheck to see if it could be caught by antivirus software.
If the antivirus found it, the hackers would keep changing their code until it was invisible. This allegedly allowed them to break into computers and steal data without anyone knowing. For your information, this service is believed to have helped criminals refine dangerous tools like the Lumma Stealer, which is used to snatch people’s private login details.
How they caught him
This arrest was a major win for a huge international mission called Operation Endgame. The Dutch police worked closely with the FBI and authorities in Finland to take the AVCheck website down in mid-2025. The data found on the site’s servers led investigators straight to this suspect and two companies in Amsterdam that allegedly helped him run the platform.
Hackread.com has covered this massive operation for years, noting its deep impact on the cybercrime world. While this specific arrest is new, it follows a series of successful strikes against hacker networks.
For instance, in early 2024, police dismantled dropper networks like Smokeloader and Bumblebee, which are tools used to secretly install viruses on victims’ computers. In May 2025, authorities successfully took down the DanaBot network, which had infected 300,000 computers and caused an estimated $50 million in damages.
Most recently, in November 2025, authorities shut down systems used by groups like Rhadamanthys, which had targeted thousands of cryptocurrency wallets and stolen millions of login details.
What happens now?
While those earlier missions targeted the hackers themselves, this current arrest focuses on the person who allegedly provided the tools to help those groups stay hidden. The suspect’s name has not been released to the public to protect his privacy until a court actually decides if he is guilty.
When he was caught at the airport, the police seized his phones and computers. Experts are now looking through these devices to see if he was helping other famous hacker groups. For now, he remains in custody as the investigation moves into its next phase.