www.proofpoint.com
Operation Endgame Disrupts Amadey and StealC Malware Networks
On June 24, 2026, Operation Endgame successfully disrupted the infrastructure of two major malware families, Amadey and StealC, used in cybercrime. This coordinated effort involved Microsoft, Europol, and various industry partners, targeting over 200 command-and-control servers and affecting approximately 140,000 infected computers globally. Amadey serves as a malware loader while StealC functions as an infostealer, both operating under a malware-as-a-service model. The operation resulted in the seizure of millions of stolen credentials and significant disruption to the cybercrime ecosystem. Microsoft utilized AI tools to uncover connections between the two malware families, allowing for a broader legal approach under the RICO Act. The disruption is expected to have a lasting impact on the operations of both malware families.
Key Points:
• Operation Endgame disrupted over 200 command-and-control servers for Amadey and StealC.
• Approximately 140,000 computers were identified as infected during the operation.
• Microsoft leveraged AI tools to link the two malware operations for a coordinated legal response.