惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Apple Machine Learning Research
Apple Machine Learning Research
AWS News Blog
AWS News Blog
Google DeepMind News
Google DeepMind News
U
Unit 42
博客园 - 叶小钗
博客园 - 聂微东
GbyAI
GbyAI
Stack Overflow Blog
Stack Overflow Blog
有赞技术团队
有赞技术团队
aimingoo的专栏
aimingoo的专栏
D
DataBreaches.Net
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Jina AI
Jina AI
美团技术团队
The Cloudflare Blog
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
S
Schneier on Security
C
Check Point Blog
Project Zero
Project Zero
The Hacker News
The Hacker News
Scott Helme
Scott Helme
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cisco Talos Blog
Cisco Talos Blog
P
Privacy International News Feed
SecWiki News
SecWiki News
Latest news
Latest news
MongoDB | Blog
MongoDB | Blog
S
Secure Thoughts
Google Online Security Blog
Google Online Security Blog
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
H
Help Net Security
TaoSecurity Blog
TaoSecurity Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Last Week in AI
Last Week in AI
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
PCI Perspectives
PCI Perspectives
大猫的无限游戏
大猫的无限游戏
T
Troy Hunt's Blog
H
Hacker News: Front Page
Vercel News
Vercel News

RSS

Events and conferences Events and conferences Events and conferences Events and conferences Events and conferences Events and conferences Events and conferences Events and conferences Events and conferences Events and conferences Events and conferences Events and conferences Events and conferences Vietnam-aligned OceanLotus pivots to spy on domestic targets as it takes a more selective approach abroad, ESET Research finds Canon Canada Partners with ESET to Expand Cybersecurity Services ESET releases 2026 SMB Cyber Readiness Index showing growing confidence but also concerns about AI ESET has been named the only Challenger in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection ESET Research APT Report: China-aligned groups spy in Venezuela and the Gulf, target AI robotics in S. Korea Events and conferences ESET uncovers the expanded arsenal of China-aligned Webworm; European governments targeted ESET reaffirms its global market presence with new European and Asian offices ESET supercharges AI innovation with investment to address rapidly expanding attack surface ESET joins the Agentic AI Foundation to help shape safe, human‑led agentic AI ESET’s Tony Anscombe to Co-Chair NetDiligence Cyber Risk Summit Belarus-aligned FrostyNeighbor attacks Ukrainian government, again — ESET Research discovers ESET Research uncovers CallPhantom scam on Google Play: Fake logs for real money North Korea-aligned APT group ScarCruft compromises gaming platform in supply‑chain espionage attack, ESET Research finds ESET Research discovers new China-aligned group, GopherWhisper: It abuses messaging services Discord, Slack, and Outlook to spy ESET Research: New NGate hides in NFC payment app, possibly built with AI ESET finds that SMBs currently leverage cyber insurance to arm against attacks, report incidents and improve resilience ESET previews new AI security features to secure chatbot communications and AI workflows ESET wins four Global InfoSec Awards at RSAC 2026 ESET receives Intel vPro Certified App status – Delivering performance benefits for business customers while advancing threat detection capability ESET launches Cloud Workload Protection and AI enhancements for ESET PROTECT customers ESET presents six sessions at RSAC 2026 to advance cyber resilience ESET Research: A deep dive into EDR killers - a cornerstone of modern ransomware operations ESET sets new integration with Lumu ESET Endpoint Security for Windows v12 achieves Common Criteria certification ESET PRIVATE showcases custom security solutions at RSAC 2026 ESET launches eCrime reports ESET Research: One of Russia’s most notorious groups, Sednit, resurges with spyware in Ukraine ESET Opens 2026 Women in Cybersecurity Scholarship Applications CRN Honors ESET on Security 100 List for MDR and AI Innovations ESET’s Ryan Grant Named a 2026 CRN Channel Chief ESET Research discovers PromptSpy, the first Android threat to use generative AI ESET Named Finalist for Best Security Company in Expert Insights Awards 2026 ESET’s Tony Anscombe to Speak at NetDiligence Cyber Risk Summit Russian Sandworm group attacks energy company in Poland with DynoWiper, ESET Research discovers Fake dating app used as lure in spyware campaign targeting Pakistan, ESET Research discovers ESET is a Customers’ Choice for Endpoint Protection according to Gartner® Peer Insights™ ESET Research analyzed a critical flaw in Windows Imaging Component, which abuses JPG files ESET Wins CRN’s 2025 Gender Parity Award New Chinese group LongNosedGoblin deploys cyberespionage tools in Southeast Asia and Japan, ESET Research discovers ESET Threat Report: AI-driven attacks on the rise; NFC threats increase and evolve in sophistication Iran’s MuddyWater targets critical infrastructure in Israel and Egypt, masquerades as Snake game – ESET Research discovers ESET Research: Chinese PlushDaemon group compromises network devices for adversary-in-the-middle attacks ESET Research APT Report: Russian attacks surge in Ukraine and Europe; Chinese groups target Latin American governments ESET named a Leader in IDC MarketScape for Consumer Digital Life Protection North Korean Lazarus group targets the drone sector in Europe, likely for espionage, ESET Research discovers ESET Research discovers new spyware posing as messaging apps targeting users in the UAE ESET Enhances Free Cybersecurity Awareness Training + CSAM Resources ESET Research’s deep dive into DeceptiveDevelopment, North Korean crypto theft via fake job offers ESET Research: Russian FSB-linked Gamaredon and Turla team up to target high-profile Ukrainian entities SDSU Athletics x ESET: Proud Partnership for Student-Athlete Success ESET Research discovers UEFI-compatible HybridPetya ransomware capable of Secure Boot bypass ESET at MSP Summit 2025: Field CISO Keynote + XDR Partner Events ESET Named a Strong Performer in Independent Evaluation of MDR Services in Europe ESET Research discovers new Chinese threat group: GhostRedirector manipulates Google, poisons Windows servers with backdoors ESET discovers PromptLock, the first AI-powered ransomware" on page ESET Research: Russian RomCom group exploits new vulnerability, targets companies in Europe and Canada ESET PROTECT Elite is a Security Winner of the 2025 CRN Tech Innovators ESET has strengthened its position in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms ESET Research uncovers variants of AsyncRAT, popular choice of cybercriminals Meet the 2025 Women in Cybersecurity Scholarship Winners ESET Named a 2025 Gartner® Peer Insights™ Customers’ Choice for Endpoint Protection ESET Named a Notable Provider in latest European MDR Landscape Report ESET Wins 2025 SC Award for Ransomware Remediation ESET Research discovers the first UEFI bootkit for Linux ESET Research discovers Mozilla and Windows zero day & zero click vulnerabilities exploited by Russia-aligned RomCom APT group ESET Research discovers WolfsBane, new Linux cyberespionage backdoor by China-aligned Gelsemium Days after takedown, ESET Research releases analysis of RedLine Stealer infostealer empire ESET releases latest APT report: China-aligned groups expand targeting; Iran advances diplomatic espionage ESET Research discovers new China-aligned APT group CeranaKeeper, which targeted the Thai government ESET Threat Report: Infostealers using AI & banking malware creating deepfake videos to steal money ESET Research: Ebury botnet alive & growing; 400k Linux servers compromised for cryptocurrency theft and financial gain ESET Research releases latest APT Activity Report, highlighting cyber warfare of Russia-, China-, and Iran-aligned groups ESET Research joins global operation to disrupt the Grandoreiro banking trojan operating in Latin America and Spain Iran-linked OilRig attacks Israeli organizations with cloud service-powered downloaders, ESET Research discovers ESET Research: Official Python repository served cyberespionage backdoor, gathered 10,000+ downloads Predatory SpyLoan apps — loan sharks expand their range to Android, ESET Research finds ESET Research dives into the onboarding and scamming processes of Telekopye online fraudsters ESET Research: Android malware Kamran spying via news app on residents of the disputed Kashmir region ESET Research: Infamous IoT botnet Mozi taken down via a kill switch ESET APT Activity Report: China-aligned groups campaign against EU targets; prime target of Russia-aligned groups remains Ukraine ESET Research announces comprehensive report on Latin America’s threat landscape titled ‘Looking into TUT’s tomb: The universe of threats in LATAM’ ESET Research discovers Operation Jacana, targeting governmental entity in Guyana, likely by Chinese threat group ESET Research: North Korea-linked Lazarus impersonates Meta on LinkedIn to attack an aerospace company in Spain ESET and Calgary Flames Sign Multi-Year Partnership ESET Celebrates 10 Years in Montreal ESET Business Bundles Launch on Ingram Micro Cloud Marketplace
ESET takes part in global Operation Endgame to disrupt Amadey botnet and Stealc infostealer
2026-06-24 · via RSS
  • ESET took part in a coordinated global operation to disrupt Amadey and Stealc.
  • The disruption operation aimed to seize or render inoperative all known Amadey and Stealc C&C servers, directly disrupting the infrastructure relied upon by both MaaS offerings’ affiliates.
  • ESET Research provided technical analysis, statistical information, known C&C servers, encryption keys, campaign identifiers, and other insights.
  • In its report, ESET Research provides an overview of the MaaS ecosystem at the affiliate level for both malware families.

BRATISLAVA, PRAGUEJune 24, 2026 — ESET Research assisted in disrupting the Amadey botnet and the Stealc infostealer by providing technical analysis, infrastructure tracking, and affiliate-level insights. Both are operated as malware as a service (MaaS). The operation – coordinated by Microsoft Digital Crimes Unit (DCU), BitSight, Lumen, and Mitsui Bussan Secure Directions (MBSD) – targeted all known network infrastructure used by Amadey and Stealc affiliates in order to cripple their cybercriminal operations. At the same time, Europol’s European Cybercrime Centre (EC3), together with European law enforcement partners, including Germany’s Federal Criminal Police Office, and both the Dutch and Danish National Police, were investigating Stealc as part of Operation Endgame, alongside IBM and Proofpoint.

The ESET telemetry detection rate indicates that Amadey was observed globally without a specific regional focus. The highest detection rates were observed in India, Turkey, Egypt, Mexico, and Spain. Stealc, too, was distributed globally without a specific regional focus. The highest detection rates were observed in the United States, Poland, and Italy.

ESET contributed to the disruption by providing technical analysis, statistical information, known command and control (C&C) servers, encryption keys, campaign and build identifiers, and other threat intelligence collected during our long-term tracking of both malware families.

“ESET has been tracking both Amadey botnet and Stealc infostealer for the past three years. For the disruption operation, we shared statistics covering Q4 2025 to H1 2026, along with technical indicators and configuration data extracted from processed malware samples,” explains ESET researcher Jakub Tomanek, who assisted in the Amadey and Stealc disruption efforts. “Our automated systems have been dissecting Amadey and Stealc samples and identifying the fields most relevant for large-scale tracking. These include C&C servers, build identifiers, encryption keys, URL paths, campaign identifiers, and other embedded values used by the malware families during communication with attacker-controlled infrastructure,” he adds.

Sharing technical analysis, statistical information, and threat intelligence, such as C&C server lists, affiliate identifiers, and encryption keys, enables law enforcement agencies to identify, prioritize, and act against infrastructure with a high degree of confidence. 

Amadey is a modular malware loader. Its main purpose is to distribute additional malware to compromised systems, although it also offers modules for data exfiltration and remote access. Stealc, in contrast, is typical infostealer as a service. It targets credentials, cookies, cryptocurrency wallets, browser extensions, and files matching affiliate-defined patterns.

Both malware families are sold as services and advertised on darknet forums. In both ecosystems, affiliates receive a self-hosted administration panel that must be deployed on their own server infrastructure. This requires a certain level of technical skill from affiliates, and gives them direct control over victim data and payload distribution.

While distribution methods ultimately depend on each individual affiliate, ESET telemetry consistently showed that both malware families were delivered through a wide range of channels. The most common methods included fake software updates, cracked software installers, and third-party malware loaders.

Amadey used a pay-per-rebuild model. Affiliates purchased a license and then paid an additional fee each time they needed to generate a new build (for example, when rotating to a new C&C server). In other words, Amadey operators did not provide affiliates with a builder tool; instead, samples were compiled on request for each affiliate. It offers three modules for further data exfiltration and access: a clipboard monitoring module, a credential theft module, and a VNC-based remote access module. The service is priced at USD 600 in Bitcoin for a single license, with an additional USD 50 charged per rebuild.

Stealc took a more affiliate-friendly approach, offering unlimited build generation as part of the subscription. This lowered the operational cost of rotating C&C infrastructure and made it easier for affiliates to generate new samples as needed. It targets a broad range of data sources, including credentials stored by web browsers, email clients, FTP clients, gaming platforms, cryptocurrency wallet files, and browser extensions. Stealc is sold as a monthly subscription with the cheapest subscription for 1,000 USD per six months.

Trying to avoid impersonation scams, both operators explicitly instructed prospective affiliates on darknet forums to contact them only through official channels. Amadey directed buyers to private messages on the darknet forum where it is advertised, while Stealc used private messages on darknet forums or Telegram.

ESET will continue to monitor both families and track any attempts to rebuild operational infrastructure following the disruption.

For more details about Amadey and Stealc disruption, check out the ESET Research blogpost, “ESET takes part in global operation to disrupt Amadey and Stealc,” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.

Distribution of Amadey – detection heatmap (2025-present)

About ESET

ESET® provides cutting-edge cybersecurity to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown—securing businesses, critical infrastructure, and individuals in an increasingly AI-driven world. Whether it’s endpoint, cloud, or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow our social media, podcasts, and blogs.