A U.S. federal investigation into one of the world’s most persistent malware delivery platforms has led to the indictment of an alleged operator behind SmokeLoader, a stealthy digital infection tool that’s been active since 2011. The Department of Justice has confirmed charges against Nicholas Moses, also known by his alias “scrublord,” for orchestrating a widespread credential theft operation that harvested sensitive data from more than 65,000 individuals around the globe.
The case, initially filed in North Carolina, was unexpectedly transferred to Vermont, where Moses has now reportedly entered a guilty plea, according to court filings obtained by The Realist Juggernaut.
Command and Exploit: A Global Malware Operation
Between January 2022 and May 2023, Moses is accused of operating a command-and-control (C2) server hosted in the Netherlands, a known cybercrime-friendly jurisdiction. From this C2 node, Moses deployed the SmokeLoader malware across thousands of devices—silently hijacking browsers, siphoning passwords, and intercepting data ranging from financial credentials to entertainment accounts.
In just one instance on November 30, 2022, Moses is alleged to have shared stolen usernames and passwords for multiple video-on-demand platforms, while bragging that he held over 619,763 unique victim data files. He allegedly sold this stolen data for $1 to $5 per record, monetizing a steady stream of illicit credentials in underground marketplaces.
The confirmed victims include an FDIC-insured financial institution in Charlotte, North Carolina, signaling the breach of not just personal accounts but critical components of U.S. financial infrastructure.
What Is SmokeLoader?
First appearing on cybercrime forums in 2011, SmokeLoader has evolved into a modular and highly adaptable malware strain. Originally designed as a dropper—a type of malware used to download and install additional threats—SmokeLoader can now:
- Steal saved browser credentials and email logins
- Log keystrokes
- Deploy Remote Access Trojans (RATs)
- Execute DDoS attacks
- Act as a backdoor for future intrusions
SmokeLoader is available for as little as $400 in its basic form; the full-featured package, which includes plugins for stealth and persistence, can cost up to $1,650. Its affordability and effectiveness have made it a go-to tool for Russian-language cybercrime groups and, allegedly, state-affiliated actors targeting countries like Ukraine and NATO-aligned infrastructure.
Operation Endgame: International Blowback
This indictment arrives just weeks after Europol’s Operation Endgame, a sweeping multinational takedown that crippled several major malware delivery platforms, including SmokeLoader, Bumblebee, Pikabot, IcedID, and SystemBC.
In early 2025, authorities across Canada, France, Germany, Denmark, the Netherlands, the Czech Republic, and the United States conducted arrests and digital forensic raids tied to users of the pay-per-install botnet operated by a figure known as “Superstar.”
Investigators discovered that several customers of the malware not only used it for credential theft, but also resold access to other actors at a markup—creating an entire underground resale economy around stolen digital identities.
Europol has confirmed that Operation Endgame is ongoing, with further arrests expected. Many suspects believed they were “off the radar,” only to be met with law enforcement door knocks and hard questions.
Why Vermont? The Unknown Variables
While Moses’ digital footprint spans Europe and the American South, it’s unclear why the case was transferred to Vermont. Federal officials have not offered an explanation, but legal analysts suggest that either additional crimes occurred within Vermont’s jurisdiction or a federal plea deal was negotiated through prosecutors based there.
Regardless of jurisdiction, the underlying charges remain severe: Moses faces conspiracy to commit fraud and computer-related offenses, which could carry significant prison time under U.S. cybercrime statutes.
A Broader Trend: The Commercialization of Malware
This case serves as yet another warning of the shifting landscape in cybercrime: what was once the domain of nation-states and elite hackers is now commodified and scalable. With platforms like SmokeLoader, average criminals can now purchase sophisticated malware tools for the cost of a gaming console—and immediately launch global attacks.
And as The Realist Juggernaut has repeatedly warned, the combination of malware-as-a-service (MaaS), anonymous crypto transactions, and global botnet infrastructure has opened the floodgates to low-cost, high-impact cyber intrusions that are difficult to trace and even harder to stop.