Technical analysis of StealC and Amadey infostealers and the takedown of their cybercrime infrastructure
By Microsoft Threat Intelligence, Microsoft Defender Security Research Team, Microsoft Digital Crimes Unit
Summary
This article provides a detailed technical breakdown of the StealC and Amadey infostealer malware strains, analyzing their architecture, capabilities, and the cybercrime infrastructure that delivers them. It covers how these infostealers harvest passwords, cookies, and session tokens from compromised devices, and how stolen data can escalate from personal device infections to enterprise security risks. The analysis also discusses the June 24, 2026 takedown of StealC and Amadey infrastructure facilitated by Microsoft's Digital Crimes Unit (DCU), examining the technical methods used to disrupt these operations.
Key quotes
Infostealers continue to be some of the most pervasive and impactful threats across the cybercrime ecosystem.
They play a central role in intrusions, silently harvesting passwords, cookies, and session tokens before exfiltrating stolen data to attacker-controlled infrastructure.
If not mitigated, these threats can turn a single consumer-device compromise into an enterprise risk: an infostealer infection on an employee's personal device could yield corporate virtual private network (VPN) credentials, single sign-on (SSO) tokens, and session cookies that could allow an attacker to bypass mu