A global crackdown on "cybercrime-as-a-service" malware that quietly drains crypto wallets has frozen tens of millions of dollars in stolen funds.
Amadey gains the initial foothold and drops further malware, while SocGholish, linked to the Russian group Evil Corp, infects people through fake browser-update prompts on hacked websites. Together they form the front end of attacks that end in drained wallets, account takeovers, and ransomware.
Police took down 326 servers and 142 domains, recovered almost 27 million stolen credentials from more than 385,000 compromised systems, and cleaned nearly 15,000 infected websites, many of them small businesses. Microsoft, a partner in the operation, tied Amadey and StealC to over 140,000 infected computers worldwide in the first two weeks of May alone.
What are infostealers?
















