European law enforcement agencies take down malware that stole millions of login credentials
©Clint Patterson via Unsplash
European law enforcement agencies have once again dealt a major blow to cybercriminals by taking the malware infrastructure of StealC and Amadey offline. During the international operation, part of Operation Endgame, hundreds of servers and domain names were seized or taken offline.
According to the Dutch police and Europol, the affected servers contained millions of stolen login credentials. In total, more than 20 million login credentials were found, originating from hundreds of thousands of computer systems. This data could be used to gain access to online services and corporate networks.
StealC and Amadey are so-called “infostealers.” This is malware designed to steal passwords, digital identities, and other sensitive information from victims. Infection often occurs through phishing emails or deceptive downloads, after which the malware secretly transmits data to criminals.
The stolen data often serves as the starting point for a larger chain of attacks. Criminals use it, among other things, to impersonate victims, infiltrate networks, or install ransomware—software that locks files and only releases them after payment is made.
International cooperation
Law enforcement agencies from the Netherlands, Germany, Denmark, the United Kingdom, and the United States participated in the operation, led by the Dutch Public Prosecution Service. Europol and Eurojust provided support, as did Microsoft and other private partners.
According to Europol, since the launch of Operation Endgame in 2024, there have already been several major crackdowns on infrastructure that enables ransomware and other forms of cybercrime.
Victim?
People who have fallen victim to an infostealer should assume a broad impact from the data breach. After all, it’s not just the account for which a notification is received, but all accounts used on the same device that may be at risk. Changing passwords and enabling two-step verification is therefore advisable, according to the police.
Anyone who wants to check whether their data is included in the stolen dataset can do so via the police’s hacked data check.
©Clint Patterson via Unsplash - illustrative image
Trump's son squanders $600 million of family fortune on a bad bet
- Jul 10, 2026 15:40
Ukraine reports 233 combat engagements along the front line in 24 hours
- Jul 10, 2026 12:00
