
Amadey and StealC shared-infrastructure malware activity

Malware Activity
H score 66
1 unique source, 1 article

Summary


The Amadey loader and StealC infostealer are being linked through shared C&C infrastructure, making the pair easier to coordinate and disrupt. Amadey helps attackers gain access and deliver secondary payloads, while StealC steals credentials, cryptocurrency wallets, cookies, and other valuable data. The pairing matters because it supports a common intrusion chain from initial access to post-compromise theft.

Related Happenings

Amadey and StealC MaaS ecosystem and affiliate model

Threat Actor Meta
H score 73 · First: 24.06.2026 18:59 · Last: 24.06.2026 18:59 · Sources: 1

About this happening: The **Amadey** and **StealC** ecosystems now operate as **malware-as-a-service (MaaS)** offerings, widening access to loader and stealer capabilities for paying customers and affi...

StealC and Amadey infostealer infrastructure disruption

Malware Activity
H score 69 · First: 24.06.2026 18:25 · Last: 24.06.2026 18:25 · Sources: 1

About this happening: The **StealC** and **Amadey** infostealer infrastructure was disrupted, cutting off the **C2 servers** used to control infected systems and weakening a major cybercrime supply cha...

Operation Endgame takedown of Amadey and StealC infrastructure

Law Enforcement
H score 66 · First: 24.06.2026 18:02 · Last: 24.06.2026 18:02 · Sources: 1

How related: Microsoft, law enforcement, and several cybersecurity companies have collaborated to take down infrastructure shared by two widely used malware families: Amadey and StealC.

About this happening: An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **StealC** and **Amadey**, with **around 50 domains** and **nearl...

USB-spreading clipboard-stealing malware targeting cryptocurrency wallets

Malware Activity
H score 27 · First: 18.06.2026 19:20 · Last: 18.06.2026 19:20 · Sources: 1

About this happening: A **USB-spreading** clipboard-stealing malware family is actively stealing **seed phrases**, **private keys**, and wallet addresses from **Windows** victims, putting cryptocurrenc...

Windows cryptocurrency clipper malware using USB LNK worming and Tor C2

Malware Activity
H score 29 · First: 18.06.2026 17:30 · Last: 18.06.2026 17:30 · Sources: 1

About this happening: A **Windows-based cryptocurrency clipper** has been active since **February 2026**, using **USB-delivered LNK** worming to steal wallet data and reroute payments. The malware adds...

Timeline

  1. 24.06.2026 18:02 2 articles · 2h ago

    Microsoft and partners disrupt shared Amadey and StealC infrastructure

    Campaign Scope Update

    Microsoft, Europol, law enforcement, and cybersecurity partners disrupted infrastructure shared by Amadey and StealC under Operation Endgame. AI-powered analysis showed the two malware families used the same command-and-control (C&C) infrastructure, and researchers found a vulnerability in the StealC C&C panel that enabled uploading a web shell to the server. The takedown targeted hundreds of domains and servers, seized more than 25 million unique credentials from over 385,000 systems, identified and secured 18,000 compromised computers, and flagged crypto assets valued at more than $47 million.
