惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
N
News and Events Feed by Topic
S
Schneier on Security
G
GRAHAM CLULEY
Scott Helme
Scott Helme
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
CERT Recently Published Vulnerability Notes
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
P
Privacy & Cybersecurity Law Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
Blog — PlanetScale
Blog — PlanetScale
Project Zero
Project Zero
MyScale Blog
MyScale Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
The Last Watchdog
The Last Watchdog
Vercel News
Vercel News
The Cloudflare Blog
C
Check Point Blog
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
腾讯CDC
NISL@THU
NISL@THU
S
Security @ Cisco Blogs
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
SegmentFault 最新的问题
MongoDB | Blog
MongoDB | Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
AWS News Blog
AWS News Blog
Cloudbric
Cloudbric
N
News and Events Feed by Topic
PCI Perspectives
PCI Perspectives
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Vulnerabilities – Threatpost
S
Secure Thoughts

Hackread – Cybersecurity News, Data Breaches, AI and More

Suspected Cyberattack Sends Fake Emergency Alert to Phones Across Brazil New GhostShell Hacking Group Targets Ukraine’s Drone Defense Sector Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords Best Crypto Payment Solutions for E-Commerce Businesses Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity LastPass Confirms Customer Data Breach After Klue OAuth Token Theft ‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking The Rise of AI-Powered Academic Fraud: Beyond Traditional Plagiarism New CryptoBandits Malware Uses USB Drives and Tor to Steal Crypto The Evolution of iGaming Fraud: What Security Teams Should Expect in 2027 2 Scattered Spider-Linked Hackers Plead Guilty Over £39M TfL Cyberattack Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users Texas Parks and Wildlife Data Breach Affects Over 3M License Customers Threat Hunting Beyond Alerts: Finding the Activity Detection Misses Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data MDR Provider Comparison: Time to Discover and Respond to Threats Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime Gcore Helps Ucom Safeguard Public Live Broadcast Infrastructure During Armenia’s Parliamentary Elections Nintendo America Employee Data Exposed After Shadowbyt3$ Targets TinyPulse eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks FIFA World Cup 2026: Hackers Target Football Fans With Fake Tickets Sites MacBook Neo vs Windows Laptops for Cybersecurity Tasks Operation Endgame Disrupts SocGholish Malware Infrastructure What Businesses Should Know Before Migrating Their CMS DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents FortiBleed Attack Exposes Fortinet Firewall Credentials in 194 Countries SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Fake Search Clicks Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It ESET MDR vs Sophos MDR: Compared Time to discover and respond to a threat 15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys Amos Stealer Targets macOS Keychain Files and Browser Passwords Aembit Extends IAM for Agentic AI to Microsoft Copilot Studio AppViewX Launches Agent Identity Security to Govern Agents for the AI and Quantum Era New Rokarolla Android Trojan Found Targeting 217 Crypto and Banking Apps Developer laptops are the credential store attackers are picking through in 2026, GitGuardian announces Endpoint Protection Best of Android Fax Apps: Top 5 Secure Picks for 2026 Feds Seize CFAKE and SOCFAKE Over Explicit Deepfakes of Famous Women Handala Hacking Group Claims Breach of California Water Service Over 50 Android Apps Found Spreading MagicAd Trojan via Official Stores Hackers Hide New Argamal Malware Inside Working Hentai Games Extradited Ukrainian Man Admits Role in Conti Ransomware Attacks Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack The SpaceX Pre-IPO Market: How Crypto Rails Are Opening Synthetic Access Feds Seize AudiA6 and Dark2Web in $389M Crypto Laundering Case ShinyHunters Leak 40GB of University of Nottingham Student Data Authorities Dismantle Decade-Old SniperDZ Phishing Network Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware The Hidden Security Risks of Poor Software Testing FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders How to Turn Images into Animated Videos with AI: A Wondershare Filmora Guide Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer ServiceNow Discloses Security Incident Exposing Customer Data Cloud Security Report Finds Fragmented Tools Widening the Cloud Complexity Gap Microsoft June 2026 Patch Tuesday Fixes 206 Flaws and 3 Zero-Days Network Log Analysis: Why Collecting Logs is Not Enough WhatsApp Says It Blocked Pegasus Spyware Campaign Linked to NSO Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor Hackers Clone Ghidra, dnSpy and Other Tool Sites to Spread Malware Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse Instagram Glitch Reportedly Exposed Contact Info of Zuckerberg and Other Users New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account Atlas Menu Data Breach Exposes 64,000 GTA V and CS2 Cheat Service Users Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil Why eSIMs Are Replacing Traditional SIM Cards Lazarus Group Uses npm Brandjacking Campaign to Target Developers Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff How to Recover Data from iCloud Backup Without Resetting Your iPhone China-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware Alcasec, "Robin Hood of Spanish Hackers," Jailed for 31 Months Over Data Theft Fake ChatGPT Desktop App Ads Used to Push Password-Stealing Malware Hackers Abused Meta’s AI Support Bot to Hijack Major Instagram Accounts New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions Halo Security Honored with 2026 MSP Today Product of the Year Award Why Encrypted File Sharing Is Essential for Modern Businesses What One Predator Case Can Reveal About an Online Platform’s Safety Gaps RaccoonLine Publishes 2026 dVPN Buyer’s Guide for Privacy-Focused Users How to Get a Reddit API Key in 2026: Step-by-Step Guide Zero-Click pretalx XSS Flaw Lets Hackers Hijack Conference Organizer Accounts How to Get the Most From Your Explainer Video Production Services Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives 27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users The Deliverability Problem: How New Platforms Are Solving Inbox Placement The CISO Whisperer's Watch List For The Gartner Security & Risk Management Summit 2026 Can Big Data Predict Market Movements Accurately? Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts? Link11 is fully committed to Europe and is opening a Customer Excellence Hub in Lisbon Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning Claude Mythos AI Identified 10,000+ Software Vulnerabilities in One Month FBI Chief Kash Patel’s Clothing Store Hacked in ClickFix Infostealer Attack Netherlands Busts Bulletproof Hosting Network Linked to Disinfo and Cybercrime
Operation Endgame Disrupts StealC, Amadey and SocGholish Malware Networks
Waqas · 2026-06-25 · via Hackread – Cybersecurity News, Data Breaches, AI and More

An international law enforcement operation has disrupted infrastructure used by StealC malware, a widely used infostealer sold to cybercriminals as a service.

The latest action was announced on 24 June 2026 as part of Operation Endgame, a long-running effort aimed at malware families and services that help cybercriminals steal credentials, gain access to systems, and prepare follow-up attacks.

StealC has been active as a malware-as-a-service (MaaS) tool since January 2023. For context, this means criminal customers can buy access to a control panel, build malware samples, infect victims, and collect stolen data through servers they manage.

The malware is designed to steal browser passwords, cookies, autofill data, credit card details, tokens, crypto wallet data, and credentials from tools such as Telegram, Discord, Outlook, FileZilla, WinSCP, OpenVPN, ProtonVPN, and gaming platforms.

According to Proofpoint and IBM X-Force who supported the operation by providing technical intelligence on StealC activity, infrastructure, and payload delivery, the June operation affected 66 domains and 296 servers linked to Amadey and StealC.

Researchers also identified more than 25.6 million unique stolen credentials taken from over 385,000 compromised systems. Europol said the wider action against SocGholish (also known as FakeUpdates), Amadey, and StealC involved 326 servers and 142 domains, with about 27 million stolen login credentials recovered.

The operation also hit criminal crypto assets. In its press release, Europol said assets worth more than EUR 41 million, about USD 47 million, were identified, flagged, and restricted from use.

Operation Endgame’s video on the take down of the StealC malware infrastructure

It is worth noting that StealC is not limited to simple password theft. The malware can also act as a loader, allowing operators to deliver other malicious files to infected machines. Proofpoint and IBM X-Force researchers observed StealC-linked activity delivering malware families, including the following:

In one case, a LockBit Black ransomware (aka LockBit 3.0) payload.

To track the malware, Proofpoint and IBM X-Force collected StealC samples from internal sources, VirusTotal, and sharing partners. They extracted malware configurations containing command-and-control addresses, build IDs, encryption keys, and communication settings. That data helped researchers map active operations and create detections.

The researchers also built a StealC emulator that copied the way an infected machine communicates with a StealC control server. This allowed them to collect payload URLs served by criminal operators and study what malware was being delivered after the first infection.

A technical flaw in StealC’s own command-and-control panel also played a role. Proofpoint and IBM X-Force said they found a vulnerability in early 2026 while working with law enforcement. An exploit was later created, tested, and used during investigative and disruption activity against StealC servers.

The flaw involved how the StealC backend handled filenames from infected machines. Researchers said the panel failed to properly remove forward slashes from submitted filenames, creating a directory traversal issue that could be abused to upload a web shell to the StealC server. The StealC developers patched the flaw in February, but researchers said the panel code had other security issues as well.

Operation Endgame Disrupts StealC, Amadey and SocGholish Malware Networks
Snippet of C2 panel code (Image credit: ProofPoint)

The operation included law enforcement agencies from Canada, Denmark, Germany, the Netherlands, the United Kingdom, and the United States, with Europol and Eurojust coordinating international cooperation. Private partners included Microsoft, Proofpoint, IBM X-Force, Infoblox, Bitdefender, The Shadowserver Foundation, Have I Been Pwned, Spamhaus, and others.

“We are extremely pleased to have supported Europol in the successful disruption of the SocGholish, StealC, and Amadey operations, and congratulate all those involved in this effort,” said Alex Cosoi, Chief Security Strategist at Bitdefender in a comment to Hackread.com.

“This takedown is a powerful demonstration of what public and private sector collaboration can achieve in dismantling the infrastructure that enables cybercrime at scale. It also sends a clear message to those behind malware ecosystems: no matter how sophisticated the tools or how distributed the network, coordinated international action will find them,” Cosoi emphasised.

Operation Endgame has now become one of the most visible international efforts against malware services used in cybercrime. The action against StealC shows how collaboration between law enforcement agencies and cybersecurity firms can turn tables against cybercriminals.