Operation Endgame, the international law enforcement action in which Microsoft's Digital Crimes Unit took part, has significantly disrupted two widely used malware families: Amadey and StealC. The action targeted the infrastructure the two families shared and took down hundreds of domains and servers.
The action was part of a long-running effort to disrupt cybercrime operations, with Operation Endgame focused on dismantling the "cybercrime assembly line" – the networks and infrastructure cybercriminals rely on to deliver malware and steal sensitive data. Amadey is a malware-as-a-service loader that gives threat actors a foothold on infected systems and installs further payloads, while StealC is an infostealer that harvests credentials, cryptocurrency wallets, browser cookies, and other valuable data.
Background and Context
Amadey has been around since 2018, and StealC emerged in 2023. The two families are often used together: Amadey provides the initial access and delivers StealC, which then harvests sensitive data from the compromised system. Microsoft's Digital Crimes Unit has tracked both for some time, using AI-assisted analysis to map their command-and-control (C2) infrastructure.
According to data Microsoft collected in May 2026, Amadey and StealC were linked to more than 140,000 infected computers worldwide. The researchers found that both families were being controlled from the same C2 infrastructure, which simplified the takedown: the legal team could treat the two families as part of a single conspiracy and act against the shared infrastructure at once, rather than pursuing each tool separately.
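The overlap finding above is the kind of check a defender can reproduce on their own telemetry. The following is an added example, not Microsoft's tooling or any code from the operation: it takes a constructed list of C2 sightings per family (the IPs, sample IDs and proxy log lines are hypothetical, chosen from documentation ranges), computes which C2 hosts are shared between Amadey and StealC, and then scans constructed proxy log lines for internal clients that contacted any of that infrastructure, attributing each hit to the family or families known to use that host.

```python
"""Infrastructure-overlap triage for a loader/stealer pair.

Added example with constructed data; not the operation's own code.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed C2 sightings: (family, sample_id, c2_host). All values hypothetical.
SIGHTINGS: List[Tuple[str, str, str]] = [
    ("amadey", "a1", "203.0.113.10"),
    ("amadey", "a2", "203.0.113.10"),
    ("amadey", "a3", "198.51.100.7"),
    ("stealc", "s1", "203.0.113.10"),
    ("stealc", "s2", "198.51.100.7"),
    ("stealc", "s3", "192.0.2.44"),
]

# Constructed proxy log (hypothetical): ts client dest_ip dest_host method path status
PROXY_LOG = """\
2026-05-14T08:01:12Z 10.0.4.21 203.0.113.10 203.0.113.10 POST /panel/index.php 200
2026-05-14T08:03:55Z 10.0.4.22 93.184.216.34 example.com GET / 200
2026-05-14T08:05:09Z 10.0.4.23 192.0.2.44 192.0.2.44 POST /upload 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")


def c2_by_family(sightings: List[Tuple[str, str, str]]) -> Dict[str, Set[str]]:
    """Map each family to the set of C2 hosts its samples were seen using."""
    out: Dict[str, Set[str]] = defaultdict(set)
    for family, _sample, host in sightings:
        out[family].add(host)
    return dict(out)


def shared_c2(sightings: List[Tuple[str, str, str]]) -> Set[str]:
    """C2 hosts used by every family in the sightings (the overlap)."""
    per_family = c2_by_family(sightings)
    if not per_family:
        return set()
    return set.intersection(*per_family.values())


def families_for_host(sightings: List[Tuple[str, str, str]], host: str) -> List[str]:
    """Families known to use a given C2 host, sorted for stable output."""
    return sorted({fam for fam, _s, h in sightings if h == host})


def hosts_contacting(log_text: str, indicators: Set[str]) -> Dict[str, List[str]]:
    """Internal clients that reached any indicator, by destination IP or hostname."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        _ts, client, dest_ip, dest_host, _method, _path, _status = m.groups()
        if dest_ip in indicators or dest_host in indicators:
            hits[client].add(dest_ip)
    return {client: sorted(dests) for client, dests in hits.items()}


def triage(log_text: str, sightings: List[Tuple[str, str, str]]) -> Dict[str, dict]:
    """Attribute each hit to the family or families tied to the contacted C2."""
    indicators = {h for _f, _s, h in sightings}
    result: Dict[str, dict] = {}
    for client, dests in hosts_contacting(log_text, indicators).items():
        fams: Set[str] = set()
        for d in dests:
            fams.update(families_for_host(sightings, d))
        result[client] = {"c2": dests, "families": sorted(fams)}
    return result


if __name__ == "__main__":
    print("shared C2:", sorted(shared_c2(SIGHTINGS)))
    for client, info in triage(PROXY_LOG, SIGHTINGS).items():
        print(client, "->", info)
```

Two caveats apply when running this against real data. Overlap on an IP alone is weak evidence if the address belongs to shared hosting or a CDN; corroborate with something the operators control, such as a matching panel path or TLS certificate, before treating two families as one infrastructure. And after a takedown the seized domains may resolve to a sinkhole, so beacons to them still identify infected hosts even though the operators no longer receive the traffic.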
Why It Matters to the Industry
The disruption of Amadey and StealC's infrastructure is significant for several reasons. First, it shows how much collaboration between law enforcement agencies and private sector companies can achieve against cybercrime operations. The use of AI-assisted analysis to map C2 infrastructure is also notable, demonstrating how the technology can be applied to the tracking of malware infrastructure at scale.
Furthermore, because both families depended on the same C2 servers, taking that infrastructure down interrupts both at once: a loader that cannot reach its C2 receives no tasks or payloads, and a stealer that cannot reach its C2 cannot exfiltrate what it collects. The disruption should therefore reduce the spread of these families and the number of compromised devices, at least until the operators rebuild.
What Comes Next
The takedown of Amadey and StealC's infrastructure is just one part of a larger effort to disrupt cybercrime operations. Microsoft and its partners will continue to work together to identify and take down other malware families and their infrastructure. The use of AI-powered analysis will likely play a key role in this effort, as it has proven to be an effective tool in identifying C2 infrastructure.
The success of Operation Endgame also highlights the importance of public-private collaboration in combating cybercrime. This partnership between law enforcement agencies and private sector companies demonstrates that together, they can achieve more than they could alone.
Key Facts
- Amadey is a malware-as-a-service loader that gives threat actors access to systems.
- StealC is an infostealer that helps cybercriminals obtain credentials, cryptocurrency wallets, cookies, and other valuable data.
- The two malware families have often been used together, with Amadey providing initial access to systems and StealC stealing sensitive information from those breached systems.
- Microsoft's Digital Crimes Unit has been tracking the two malware families for some time, using AI-powered analysis to identify their C2 infrastructure.
- The takedown is part of a broader effort to disrupt cybercrime operations; Microsoft and its partners intend to keep identifying and dismantling the infrastructure of other malware families.