
Technical analysis of StealC and Amadey infostealers and the takedown of their cybercrime infrastructure

By

Microsoft Threat Intelligence, Microsoft Defender Security Research Team, Microsoft Digital Crimes Unit

10d ago · 20 min read

Summary

This article provides a detailed technical breakdown of the StealC and Amadey infostealer malware strains, analyzing their architecture, capabilities, and the cybercrime infrastructure that delivers them. It covers how these infostealers harvest passwords, cookies, and session tokens from compromised devices, and how stolen data can escalate from personal device infections to enterprise security risks. The analysis also discusses the June 24, 2026 takedown of StealC and Amadey infrastructure facilitated by Microsoft's Digital Crimes Unit (DCU), examining the technical methods used to disrupt these operations.

Source

Technical analysis of StealC and Amadey infostealers and the takedown of their cybercrime infrastructure (msft.it)

Key quotes

Infostealers continue to be some of the most pervasive and impactful threats across the cybercrime ecosystem.
They play a central role in intrusions, silently harvesting passwords, cookies, and session tokens before exfiltrating stolen data to attacker-controlled infrastructure.
If not mitigated, these threats can turn a single consumer-device compromise into an enterprise risk: an infostealer infection on an employee's personal device could yield corporate virtual private network (VPN) credentials, single sign-on (SSO) tokens, and session cookies that could allow an attacker to bypass mu
Snippet from the RSS feed
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that formed the backbone of the StealC and Amadey infrastructure. This blog is a technical breakdown of StealC and Amadey.
