- A global law enforcement crackdown, Operation Endgame, has frozen over $47 million in stolen cryptocurrency linked to major malware operations.
- The operation dismantled infrastructure for the SocGholish, Amadey, and StealC malware families, which stole passwords and crypto wallet data to fuel fraud.
- Authorities recovered nearly 27 million stolen credentials from over 385,000 infected systems and took down hundreds of servers and domains.
In a major strike against cybercrime, global law enforcement led by Europol has frozen tens of millions in illicit cryptocurrency. The action, part of Operation Endgame, targeted malware-as-a-service operations that steal digital assets.
Authorities specifically dismantled infrastructure for three malware families: SocGholish, Amadey, and StealC. Europol confirmed the operation seized over €41 million, or roughly $47 million, in criminal crypto assets. Consequently, 326 servers and 142 domains were taken offline.
The StealC malware was particularly dangerous for crypto users, as it scraped wallet files and passwords from infected machines. Researchers at Proofpoint found its control panel included a plugin designed to decrypt MetaMask wallet seed phrases.
Meanwhile, SocGholish infected victims through fake browser-update prompts on hacked websites. These infections often led to drained wallets and ransomware attacks. Police recovered almost 27 million stolen credentials from more than 385,000 compromised systems.
Infostealers have become a primary vector for crypto theft, quietly lifting private keys and seed phrases. An earlier phase of Operation Endgame uncovered login data for over 100,000 crypto wallets, according to Eurojust.
In a parallel effort, Microsoft's Digital Crimes Unit filed a U.S. racketeering lawsuit treating two malware families as a single conspiracy. Using AI tools, investigators linked Amadey and StealC to shared infrastructure. Microsoft reported disrupting over 200 command-and-control servers and identifying 18,000 victim computers.
However, malware operators often regroup after such takedowns, with StealC already shipping an upgraded version this month. For now, authorities are alerting victims through services like Have I Been Pwned so users can check if their credentials were compromised.
