Global Operation Disrupts Two Major Cybercrime Tools Simultaneously

Original: One-two punch delivered in global operation disrupts cybercrime "assembly line"

Why This Matters

The operation demonstrates a coordinated international capability to disrupt interconnected cybercrime infrastructure, increasing operational friction for criminal actors.

International authorities and technology companies disrupted the Amadey malware and StealC infostealer platforms in a coordinated operation, recovering 27 million stolen credentials and $47 million in criminal assets while taking down over 200 command-and-control servers.

A coordinated international operation called "Operation Endgame" has disrupted two widely used cybercrime tools that worked together in what authorities describe as a cybercrime "assembly line." Amadey, a malware-as-a-service platform active since at least 2018, compromises devices and delivers malicious payloads for ransomware and fraud schemes. StealC, an infostealer-as-a-service platform, collects credentials, authentication cookies, cryptocurrency wallets, and other sensitive information. Although the tools operate independently, many cybercriminals use both simultaneously, with Amadey providing device access and StealC stealing sensitive data.

Microsoft's analysis using AI identified that both tools relied on overlapping underlying infrastructure. This discovery allowed Microsoft attorneys to invoke RICO statutes targeting organized crime, treating both tools as part of a single conspiracy.

The operation disrupted over 200 command-and-control servers and severed criminal control of more than 18,000 infected computers. Law enforcement and private sector partners took action against 326 servers and 142 domains. Europol, coordinating the law-enforcement portion, confirmed recovery of approximately 27 million stolen login credentials and identification of $47 million in criminal cryptocurrency assets. Companies assisting included ESET, Proofpoint, IBM X-Force, Bitsight, and Mitsui Bussan Secure Directions.

Source

arstechnica.com