One-two punch delivered in global operation disrupts cybercrime "assembly line"

International law enforcement and technology firms have disrupted a cybercrime operation that facilitated the theft of over $47 million through ransom payments and other fraudulent activities. The operation targeted two distinct tools, Amadey and StealC, which function as "malware-as-a-service" and "infostealer-as-a-service" platforms, respectively. Amadey, active since at least 2018, compromises devices to deliver malicious payloads for ransomware and other scams, and was observed last year using GitHub to gather system information. StealC is designed to steal credentials, authentication cookies, cryptocurrency wallets, and specific files. The disruption was achieved by targeting both tools at the same time: although they were operated independently, they shared underlying infrastructure. Microsoft's AI analysis identified this shared infrastructure, enabling authorities to obtain a court order to dismantle both operations concurrently. This coordinated action severed a critical link in the cybercrime "assembly line" by disabling the tools that numerous criminals relied on to collect millions of login credentials.
Original source — read the full reporting at the publisher:
Read on Ars Technica