Proofpoint has collaborated with IBM
Under the coordination of Europol, 66 domains and 296 servers linked to StealC and Amadey have been taken down, and more than 25.6 million unique credentials harvested from some 385,000 compromised systems have been recovered.
Earlier this year, researchers from Proofpoint and IBM X-Force identified a flaw in StealC's command-and-control panels that gave access to the infrastructure used by its operators. After developing and validating a controlled exploitation method, they made that capability available to law enforcement, which incorporated it into the investigation and the dismantling of the infrastructure.
Analyze distributed malicious payloads
Both teams also developed a StealC-specific emulation system that reproduces the behavior of infected machines and communicates directly with the attackers' command-and-control servers. With it, researchers were able to map the infrastructure, track affiliated groups, and analyze the payloads being distributed. Among the malware families identified were Amadey, AsyncRAT, HijackLoader, RedLine Stealer, SmokeLoader, Vidar, XTinyLoader, and LockBit Black.
Marketed since 2023, StealC lets other cybercriminals build and distribute campaigns to steal sensitive information from their victims. The stolen data includes credentials, cookies and session tokens (which can be replayed to hijack authenticated sessions), browsing histories, data from email and messaging applications, credentials for business tools and remote-access services, and cryptocurrency wallets. This data is often used later to compromise organizations, escalate privileges, or be sold on underground markets.
“Digital identities continue to be one of the most valuable assets for cybercriminals. The economics surrounding infostealers represent an increasing threat to both organizations and individual users,” Proofpoint researchers note. “Strong partnerships between the private sector and law enforcement, such as in Operation Endgame, demonstrate how coordinated action can significantly weaken criminal operations. The disruption of StealC will have a notable impact on its operational capacity, affecting the continuity of its services, its ability to distribute malware, its reputation and its ability to attract affiliates.”
