Operation Endgame Shuts Down StealC and Amadey Malware Networks

A major international law enforcement operation has disrupted the infrastructure behind the StealC and Amadey malware families, dealing a significant setback to cybercriminal groups that rely on these tools to steal sensitive information from victims worldwide.

The operation, known as Operation Endgame, brought together law enforcement agencies, cybersecurity researchers, and technology companies in a coordinated effort to dismantle malware infrastructure used to support large-scale cybercrime activities.

Authorities Take Down Hundreds of Servers

As part of the latest crackdown, investigators successfully disrupted 142 domains and 326 servers linked to the StealC and Amadey malware ecosystem. The operation targeted systems used by cybercriminals to manage malware infections, collect stolen information, and distribute additional malicious software.

Authorities also recovered more than 27 million login credentials from over 385,000 compromised devices. The recovered data included usernames, passwords, and other account information that could have been used for fraud, identity theft, and unauthorized access to online services.

The takedown represents one of the largest recent actions against information-stealing malware infrastructure.

What Is StealC Malware?

StealC is a type of information-stealing malware that first appeared in 2023 and quickly gained popularity among cybercriminals. It is designed to silently collect sensitive information from infected computers and send it to attackers.

The malware can steal:

  • Browser usernames and passwords
  • Saved cookies and session data
  • Credit and debit card information
  • Cryptocurrency wallet details
  • Email account credentials
  • Messaging application data
  • VPN and cloud service login information

Cybercriminals often sell this stolen data on underground forums or use it to gain access to corporate networks and online accounts.

Understanding Amadey

Amadey is a malware loader that helps attackers deliver additional malicious software to infected devices. Once installed, it can download and execute other malware, including information stealers, ransomware, and remote access tools.

Because of its flexibility, Amadey has remained a popular tool among cybercriminal groups for several years and is frequently used as part of larger attack campaigns.

Researchers Played a Key Role

Cybersecurity researchers contributed valuable intelligence that helped law enforcement agencies identify and disrupt the malware infrastructure.

By analyzing StealC’s command-and-control systems, researchers uncovered important information about how the malware operated and where stolen data was being transmitted. This intelligence helped investigators locate servers and domains connected to the criminal operation.

The collaboration between security researchers and law enforcement agencies was a crucial factor in the success of the takedown.

Why This Operation Matters

Information-stealing malware has become one of the most serious cybersecurity threats facing both individuals and organizations. Stolen credentials are often used as the first step in larger cyberattacks, including ransomware incidents, financial fraud, and data breaches.

When criminals obtain valid login credentials, they can bypass many traditional security measures and walk straight into personal accounts, business systems, and cloud environments.

By disrupting the infrastructure behind StealC and Amadey, authorities have significantly reduced the ability of cybercriminals to collect and exploit stolen information through these malware services.

Operation Endgame Continues to Expand

Operation Endgame is an ongoing international initiative focused on dismantling malware services and criminal infrastructure that enable cybercrime around the world.

Previous phases of the operation have targeted several malware families and resulted in server seizures, arrests, domain takedowns, and the disruption of criminal networks operating across multiple countries.

The latest action demonstrates the growing effectiveness of cooperation between governments, law enforcement agencies, cybersecurity companies, and researchers in combating organized cybercrime.

Final Thoughts

The disruption of the StealC and Amadey malware infrastructure marks another important victory in the fight against cybercrime. With more than 27 million login credentials recovered and 142 domains and 326 servers taken offline, Operation Endgame has once again shown that coordinated global action can significantly weaken criminal networks operating on the internet.

While cybercriminals will likely attempt to rebuild their operations, the latest takedown highlights the increasing pressure being placed on malware operators and the growing international effort to make the digital world safer for everyone.
