Key facts
- Global authorities and tech companies disrupted a cybercrime operation targeting Amadey and StealC.
- Amadey is a malware-as-a-service platform, while StealC is an infostealer platform.
- The operation seized 27 million stolen login credentials and uncovered $47 million in illicit crypto assets.
- Over 200 command-and-control servers and 18,000 infected computers were disrupted.
- SocGholish, a malware loader linked to Evil Corp, was also targeted.
International authorities and technology companies have disrupted a significant cybercrime operation dubbed "Operation Endgame," targeting a sophisticated "assembly line" used by criminals to steal millions of login credentials and extort over $47 million.
The operation simultaneously dismantled two key tools: Amadey, a malware-as-a-service platform used for device compromise and payload delivery, and StealC, an infostealer platform designed to collect credentials, cookies, and cryptocurrency wallets. Microsoft's AI analysis revealed that these tools, often used in conjunction, relied on overlapping infrastructure, enabling legal action under RICO statutes to treat them as a single conspiracy.
As a result of the coordinated effort, law enforcement and private partners took action against 326 servers and 142 domains, disrupting the malware's distribution network. This led to the seizure of over 200 command-and-control servers and the disruption of more than 18,000 infected computers. Europol reported the recovery of 27 million stolen login credentials and the uncovering of $47 million worth of crypto assets linked to criminal activity.
Additionally, the operation disrupted SocGholish, a malware loader associated with the Russian cybercrime group Evil Corp, which spreads through compromised websites by tricking users into downloading trojanized applications. Efforts are underway to clean infected WordPress sites, notify affected parties, and urge administrators to enhance security measures.
