Amadey, StealC malware operations disrupted in Operation Endgame action

Microsoft, Europol, and international partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of Operation Endgame, which targets cybercriminal services and ransomware gangs.

The law enforcement action involved authorities and private partners from multiple countries, who assisted in identifying and taking down, seizing, blocking, or sinkholing infrastructure tied to the malware families.

According to Europol, the operation resulted in the disruption of 326 servers and 142 domains, Investigators also identified more than €41 million ($47 million) in cryptocurrency linked to criminal activity and recovered approximately 27 million credentials stolen from over 385k compromised systems.

"By taking down these tools simultaneously, the collaboration between law enforcement and private parties has increased friction for cybercriminals, making it harder for attacks to succeed, spread, or recover," announced Europol.

The coordinated action also targeted SocGholish (FakeUpdates), a malware loader that infects visitors via compromised websites that serve fake browser update prompts.