
Authorities Disrupt Stealer Malware StealC and Amadey Infrastructure in Global Operation

Source: Cybersecurity News. Archived Jun 24, 2026.



By Guru Baran, June 24, 2026

Europol and law enforcement partners across multiple countries have dealt a significant blow to the cybercriminal ecosystems powering StealC, Amadey, and SocGholish malware, three widely deployed tools in the modern “cybercrime-as-a-service” supply chain. Announced as part of Operation Endgame, the coordinated action dismantled key infrastructure enabling ransomware deployment, credential theft, and large-scale financial fraud.

Spanning two weeks of coordinated action, the operation involved law enforcement agencies from Canada, Denmark, Germany, the Netherlands, the United Kingdom, and the United States, alongside Europol, Eurojust, and private sector partners including Microsoft, Proofpoint, IBM X-Force, Bitdefender, and Shadowserver. The combined effort targeted the criminal “assembly lines” that allow cyberattacks to scale globally.

Key outcomes of the operation include:

- 326 servers and 142 domains were taken down, crippling malware distribution networks.
- EUR 41 million (≈ USD 47 million) in crypto assets of criminal origin identified and frozen.
- 27 million stolen login credentials recovered.
- 14,971 infected websites remediated, including small businesses, restaurants, and auto repair shops.

Password-Stealing Malware StealC

StealC, classified as an infostealer with dropper functionality, was a primary target of this operation. Distributed through multiple attack vectors, StealC was engineered to silently extract passwords, stored access credentials, session tokens, and digital identities from compromised systems, feeding stolen data directly into underground marketplaces for fraud and resale.

Working in tandem with Amadey, a dropper/loader primarily spread through phishing campaigns, the two malware families formed a critical link in the cybercrime supply chain. Amadey establishes initial access on a victim’s device, while StealC executes credential harvesting in the background. According to Microsoft’s threat intelligence, in just the first two weeks of May 2026, Amadey and StealC were collectively linked to over 140,000 infected computers worldwide.

SocGholish and the Evil Corp Connection

SocGholish, a dropper/loader distributed through fake browser update pop-ups on compromised WordPress sites, rounded out the trio of neutralized malware. The malware is attributed to Evil Corp, the Russian cybercriminal group previously responsible for Zeus and Dridex, and associated with numerous ransomware and money-laundering operations.

Dutch Police have already patched vulnerabilities on infected sites and notified affected owners. WordPress administrators are urged to immediately change login credentials, enable multi-factor authentication, remove unknown admin accounts, and keep their platforms updated. To avoid SocGholish infection, users should never act on browser pop-up update prompts and should only apply updates through official system settings or verified app stores.

Operation Endgame represents a strategic evolution in law enforcement’s approach to cybercrime, moving beyond individual threat actors to dismantle the broader infrastructure enabling attacks at scale. Europol’s European Cybercrime Center (EC3) provided analytical support, crypto tracing, and victim notifications via platforms like HaveIBeenPwned, Spamhaus, and Shadowserver. The Joint Cybercrime Action Taskforce (J-CAT) aligned national investigations under a unified framework.

Victim notifications are being distributed through HaveIBeenPwned, DIVD, Spamhaus, CheckjeHack, NoMoreLeaks, Shadowserver, and NL-NCSC. Operation Endgame remains the largest international operation ever undertaken against ransomware enablers, with more than 30 public and private partners actively supporting ongoing actions.