Source URL: www.microsoft.com/en-us/sec… Microsoft’s analysis describes how infostealers such as StealC and malware loaders such as Amadey function as commoditized cybercrime services that harvest passwords, cookies, session tokens and other credentials, often turning a compromise on an unmanaged or personal device into an enterprise-access risk. Microsoft’s Digital Crimes Unit, working with Europol and industry partners, announced a coordinated disruption action on June 24, 2026, targeting more than 200 malicious Amadey and StealC command-and-control domains and IP addresses through court orders, domain actions, registrations and provider notifications. The enterprise takeaway is that identity protection, credential hygiene, session-token controls, unmanaged-device risk management and rapid response remain central because attackers may appear as valid users after the initial infection.
StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them
Edward Kiledjian
@ekiledjian