StealC and Amadey infostealer infrastructure disruption
Malware Activity
Summary
The StealC and Amadey infostealer infrastructure was disrupted, cutting off the C2 servers used to control infected systems and weakening a major cybercrime supply chain. Law enforcement seized nearly 200 IP-based C2 servers and around 50 domains, while responders identified over 18,000 victim computers and severed criminal control. The takedown matters because the two families were linked to over 140,000 infected computers worldwide, and both were used to steal credentials or deliver additional malware.
Related Happenings
Amadey and StealC MaaS ecosystem and affiliate model
Threat Actor Meta
H score: 73
First: 24.06.2026 18:59
Last: 24.06.2026 18:59
Sources 1
How related:
All three malware families are known to be advertised under a malware-as-a-service (MaaS) model, allowing customers to deliver additional payloads or steal sensitive information from compromised hosts.
About this happening:
The **Amadey** and **StealC** ecosystems now operate as **malware-as-a-service (MaaS)** offerings, widening access to loader and stealer capabilities for paying customers and affi...
Operation Endgame takedown of Amadey and StealC infrastructure
Law Enforcement
H score: 66
First: 24.06.2026 18:02
Last: 24.06.2026 18:02
Sources 1
How related:
The infrastructure of two infamous information stealer malware strains (infostealers), StealC and Amadey, has been disrupted by an international law enforcement takedown.
About this happening:
An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **StealC** and **Amadey**, with **around 50 domains** and **nearl...
Amadey and StealC shared-infrastructure malware activity
Malware Activity
H score: 66
First: 24.06.2026 18:02
Last: 24.06.2026 18:02
Sources 1
About this happening:
The **Amadey** loader and **StealC** infostealer are being linked through shared **C&C infrastructure**, making the pair easier to coordinate and disrupt. **Amadey** helps attacke...
FBI takedown of Outsider Enterprise phishing service
Law Enforcement
H score: 63
First: 14.06.2026 17:36
Last: 14.06.2026 17:36
Sources 1
About this happening:
The **FBI** and partners **dismantled** **Outsider Enterprise**, a **phishing-as-a-service** operation tied to **thousands of phishing websites** and large-scale credential theft....
AudiA6 laundering ecosystem and Dark2Web forum
Threat Actor Meta
H score: 31
First: 11.06.2026 18:55
Last: 11.06.2026 18:55
Sources 1
About this happening:
**AudiA6** was disrupted as an **industrial-scale cryptocurrency laundering service** used by **ransomware gangs** and other cybercriminal networks. Europol said the ecosystem lau...
Timeline
- 24.06.2026 18:25 · 3 articles · 2h ago
Operation Endgame disrupts StealC and Amadey infrastructure
Initial Disclosure
Europol said Operation Endgame disrupted the StealC and Amadey infostealer infrastructure, coordinated with Germany’s Federal Criminal Police Office and supported by Eurojust, EC3 and industry partners including Microsoft, ESET, BitSight, IBM X-Force, Lumen, Mitsui Bussan Secure Directions and Proofpoint. The takedown seized around 50 domains and nearly 200 active IP-based C2 servers linked to the two malware families; Microsoft said its court-authorized action disrupted more than 200 C2 servers, identified over 18,000 victim computers, and linked Amadey and StealC to over 140,000 infected computers worldwide in the first two weeks of May 2026.
- Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers — www.infosecurity-magazine.com — 24.06.2026 18:25
- Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered — thehackernews.com — 24.06.2026 18:59