A coordinated international operation against cybercrime has dealt a significant blow to two of the most widely used malware-as-a-service platforms, Amadey and StealC. Led by law enforcement agencies across Europe and North America and supported by cybersecurity firms including Bitdefender, Bitsight, ESET, and Microsoft, the effort targeted the infrastructure that enables cybercriminals to distribute malware, steal credentials, and facilitate ransomware attacks. The operation resulted in the dismantling of 326 servers, the seizure of 142 domains, and the recovery of approximately 27 million compromised login credentials.
Authorities also identified and restricted more than $47 million in cryptocurrency assets linked to criminal activity. The takedown forms part of the broader Operation Endgame initiative, which focuses on disrupting the early stages of cyberattacks by targeting malware loaders and information stealers. Officials described the action as an effort to break the cybercrime supply chain by eliminating the tools that provide initial access to victim networks and harvest valuable credentials for sale on underground markets.
Amadey, active since 2018, has evolved into a popular malware loader capable of deploying a wide range of secondary payloads, including ransomware, remote access trojans, and credential stealers. StealC, which emerged in 2023, specializes in harvesting browser credentials, cookies, financial information, messaging app data, and cryptocurrency wallet information. Investigators found strong operational links between the two malware families, with Amadey frequently serving as an entry point for StealC infections and other malicious payloads.
According to Microsoft, the combined infrastructure behind Amadey and StealC was connected to more than 140,000 infected devices worldwide during a two-week period in May 2026. By disrupting command-and-control servers and seizing malicious domains, authorities effectively severed communications between attackers and thousands of compromised systems. The operation highlights the growing effectiveness of public-private collaboration in combating cybercrime-as-a-service networks and demonstrates a strategic shift toward dismantling the infrastructure that enables large-scale cyberattacks before they escalate into ransomware incidents or broader network compromises.
