general · TheHackerNews
Law enforcement agencies from the Netherlands, Canada, Germany, and the U.S., working with Bitdefender, Bitsight, ESET, and Microsoft, disrupted criminal infrastructure supporting Amadey and StealC malware. The operation dismantled 326 servers and 142 domains, recovered approximately 27 million stolen login credentials, and identified over $47 million in cryptocurrency assets of criminal origin. Both malware families operate under a malware-as-a-service model: Amadey functions as a loader distributed via compromised WordPress sites and phishing, while StealC is an information stealer targeting browser data, credentials, and desktop applications. The action follows a separate takedown of SocGholish infrastructure affecting nearly 15,000 WordPress websites.
Organizations in regulated industries face direct risk from these malware families' credential-theft and lateral-movement capabilities. Defense contractors handling controlled unclassified information should review endpoint detection and response logs for Amadey or StealC indicators; healthcare and fintech entities subject to HIPAA and PCI DSS must assess whether stolen credentials or payment card data from their environments circulated in the recovered dataset. SaaS teams reliant on SOC2 controls should verify their WordPress installations are patched and monitor for phishing campaigns targeting employees. An Omniware engagement can scope credential-exposure assessment, supply-chain risk evaluation, and detection rule refinement in detail.
Source: The Hacker News - https://thehackernews.com/2026/06/amadey-and-stealc-malware-network.html
Source: TheHackerNews
All briefings