
Amadey, StealC malware operations disrupted in Operation Endgame action

Why This Matters

The disruption of Amadey and StealC malware operations in Operation Endgame signifies a major collaborative effort to weaken cybercriminal infrastructure, making it more difficult for attackers to succeed and spread malware. This coordinated action highlights the importance of international cooperation and private-sector support in combating sophisticated cyber threats, ultimately enhancing cybersecurity for consumers and organizations alike.

Key Takeaways

Microsoft, Europol, and international partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of Operation Endgame, which targets cybercriminal services and ransomware gangs.

The law enforcement action involved authorities and private partners from multiple countries, who assisted in identifying and taking down, seizing, blocking, or sinkholing infrastructure tied to the malware families.

According to Europol, the operation resulted in the disruption of 326 servers and 142 domains. Investigators also identified more than €41 million ($47 million) in cryptocurrency linked to criminal activity and recovered approximately 27 million credentials stolen from over 385,000 compromised systems.

"By taking down these tools simultaneously, the collaboration between law enforcement and private parties has increased friction for cybercriminals, making it harder for attacks to succeed, spread, or recover," announced Europol.

The coordinated action also targeted SocGholish (FakeUpdates), a malware loader that infects visitors via compromised websites that serve fake browser update prompts.

Operation Endgame included law enforcement agencies from Canada, Denmark, Germany, the Netherlands, the United Kingdom, and the United States, with Europol and Eurojust coordinating the effort. Private-sector support was provided by Microsoft, ESET, Proofpoint, IBM X-Force, Bitsight, Infoblox, Orange Cyberdefense, Shadowserver, Have I Been Pwned, Spamhaus, and others.

According to Europol, the operation focused on disrupting cybercrime infrastructure that threat actors utilize to gain initial access to systems, steal credentials, and ultimately deploy ransomware or conduct financial fraud.

Amadey and StealC are sold to cybercriminals through malware-as-a-service operations, where affiliates pay for access to malware builders, management panels, support, and infrastructure.

Criminals use Amadey to gain an initial foothold on victim devices to deploy additional malware. StealC is used to steal credentials, cryptocurrency wallets, and other sensitive information that can later be sold or leveraged in ransomware attacks.

Amadey is a malware botnet used by both ransomware gangs and state-sponsored hacking groups to breach networks. More recently, StealC has been widely used in a variety of ClickFix attacks, such as campaigns built around fake instructional videos on TikTok, as well as in FileFix attacks.
