
Global Takedown of Amadey and StealC Cuts Off Cybercrime Assembly Line

arstechnica.com · @dynamic_rabbit · 2 hours ago · Cybersecurity · 2 comments

A coordinated operation targeting two unrelated malware platforms simultaneously blocked over $47 million in fraud and disrupted the supply chain for credential theft and ransomware.

Tags: amadey, stealc, microsoft, cybercrime, malware as a service, infostealer

$47 million in ransom payments and stolen credentials. That's the known damage from two malware platforms that just got hammered in a coordinated global takedown. International authorities and private tech companies, including Microsoft, simultaneously disrupted Amadey and StealC, cutting off the assembly line that lets crooks chain together device compromise and credential theft.

Two Platforms, One Shared Weakness

Amadey is a malware-as-a-service platform active since at least 2018. It compromises devices and delivers ransomware payloads. Last year it was seen abusing GitHub to collect system information. StealC is an infostealer-as-a-service platform that scoops up credentials, authentication cookies, cryptocurrency wallets, and browser extensions, and collects files whose names match customer-defined patterns. They're separate tools, but cybercriminals routinely use both in the same workflow. The critical insight: they relied on some of the same underlying infrastructure.

AI Found the Connection

Microsoft analyzed both platforms using AI and discovered the shared infrastructure. That gave attorneys the evidence needed to seek a court order disrupting both at once. Instead of chasing individual malware strains, they hit the common resource layer. This is a smarter, more surgical approach than blanket domain seizures or takedowns of single command-and-control servers.

The operation didn't just take down servers. It blocked the flow of stolen credentials and ransom payments, preventing at least $47 million in further fraud. For anyone running a cybercrime-as-a-service operation, this is the nightmare scenario: your infrastructure vanishes overnight because a prosecutor saw the link you thought was hidden.

Expect more operations like this. When attackers reuse infrastructure across different tools, they create a single point of failure. Law enforcement and private-sector analysts can now find those shared dependencies faster with AI-driven traffic analysis. The assembly line just got harder to run.
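As an added illustration of the shared-dependency point above (example code written for this page, not from the article or from Microsoft's analysis; the family names come from the article, but every domain, IP, ASN and certificate value is constructed), a small threat-intel pivot that takes C2 sightings for two families and reports the infrastructure nodes both depend on:

```python
from collections import defaultdict

# Constructed sample sightings (placeholder values, not real indicators).
# Each row is one C2 endpoint attributed to a family, plus the attributes
# an analyst would pivot on: hosting IP, ASN and TLS certificate fingerprint.
OBSERVATIONS = [
    {"family": "Amadey", "domain": "a-panel.example", "ip": "203.0.113.10", "asn": "AS64500", "cert": "sha256:aaaa"},
    {"family": "Amadey", "domain": "a-drop.example",  "ip": "203.0.113.11", "asn": "AS64500", "cert": "sha256:aaaa"},
    {"family": "StealC", "domain": "s-gate.example",  "ip": "203.0.113.10", "asn": "AS64500", "cert": "sha256:bbbb"},
    {"family": "StealC", "domain": "s-exfil.example", "ip": "198.51.100.7", "asn": "AS64501", "cert": "sha256:aaaa"},
    {"family": "StealC", "domain": "s-cdn.example",   "ip": "198.51.100.8", "asn": "AS64501", "cert": "sha256:cccc"},
]

PIVOT_KEYS = ("ip", "asn", "cert")  # ASN overlap is a weak signal on its own; IP and cert reuse are stronger


def build_pivot_index(observations):
    """Map each infrastructure node (key, value) to the families and domains seen on it."""
    index = defaultdict(lambda: {"families": set(), "domains": set()})
    for obs in observations:
        for key in PIVOT_KEYS:
            node = (key, obs[key])
            index[node]["families"].add(obs["family"])
            index[node]["domains"].add(obs["domain"])
    return index


def shared_nodes(observations, min_families=2):
    """Infrastructure nodes reused by at least min_families distinct families,
    ranked by how many C2 domains depend on them (a proxy for disruption impact)."""
    index = build_pivot_index(observations)
    shared = [(node, sorted(v["families"]), sorted(v["domains"]))
              for node, v in index.items() if len(v["families"]) >= min_families]
    return sorted(shared, key=lambda t: (-len(t[2]), t[0]))


def domains_hit_by_shared_nodes(observations):
    """C2 domains that lose at least one dependency if every shared node is disrupted."""
    shared = {node for node, _, _ in shared_nodes(observations)}
    affected = {obs["domain"] for obs in observations
                if any((k, obs[k]) in shared for k in PIVOT_KEYS)}
    return sorted(affected)


if __name__ == "__main__":
    for node, families, domains in shared_nodes(OBSERVATIONS):
        print(f"{node[0]}={node[1]} shared by {families}; domains: {domains}")
    print("domains affected by a shared-node disruption:", domains_hit_by_shared_nodes(OBSERVATIONS))
```

In the constructed data, one IP and one certificate are reused across both families, so disrupting those nodes reaches four of the five C2 domains while the fully isolated one survives.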

Source: One-two punch delivered in global operation disrupts cybercrime "assembly line"
Domain: arstechnica.com
