A global law enforcement operation has disrupted a cybercrime assembly line by simultaneously targeting two widely used malware tools. Called Operation Endgame, the effort involved international authorities and private tech companies, crippling an ecosystem that allowed criminals to steal millions of login credentials and extort over $47 million in ransom payments and other frauds.
How Amadey and StealC fuel cybercrime
The operation focused on two independent but interconnected tools. Amadey is a malware-as-a-service platform used to compromise devices and deliver ransomware and other malicious payloads. Active since at least 2018, Amadey was recently observed abusing GitHub to collect system information and install custom payloads. The second tool, StealC, is an infostealer-as-a-service that harvests credentials, authentication cookies, cryptocurrency wallets, browser extensions, and files matching customer-defined patterns. Although developed by different groups, both tools relied on some of the same underlying infrastructure, a shared dependency that the operation turned into a critical weakness.
Microsoft's AI analysis uncovers shared infrastructure
Microsoft played a pivotal role by using AI to analyze the two platforms. The analysis revealed that Amadey and StealC, while separate, depended on overlapping infrastructure. This insight allowed Microsoft's legal team to seek a court order disrupting both simultaneously, maximizing the impact. The operation severed a critical link in the cybercrime chain, preventing criminals from using these tools for illicit activities. Such collaborative approaches are becoming essential in modern cybersecurity, as highlighted by the challenges of phone scams like vishing that also exploit compromised credentials.
An unprecedented blow to the malware marketplace
Operation Endgame represents a new model of international cooperation by targeting not just a single malware family but the entire ecosystem that enables criminals to buy and sell harmful tools. Experts say this approach could be a game changer in fighting cybercrime. Acting against both platforms simultaneously prevented criminals from quickly migrating to other platforms. Investigations are ongoing to identify users of Amadey and StealC. For more details, see the original report on Ars Technica.