International law enforcement agencies and tech giants have dismantled a sophisticated cyber operation that had been churning out millions of compromised login credentials and raking in over $47 million from various fraudulent activities.
The centrepiece of the operation was the coordinated shutdown of two tools, Amadey and StealC. Amadey acts as a malware-as-a-service platform, compromising devices to deliver ransomware or other scams. StealC is an infostealer-as-a-service that collects login details, authentication cookies, cryptocurrency wallets, and more.
Both tools relied on shared infrastructure, which Microsoft detected through AI analysis. This allowed the company to seek simultaneous disruption of both operations, severing a crucial link in the cybercrime chain.
“This action goes after the cybercrime ‘assembly line,’ where coordinated tools drive ransomware, financial fraud, and disruptions to public services,” said Microsoft. “Amadey and StealC are often used alongside each other: Amadey helps attackers gain access to devices, while StealC steals passwords and sensitive information. Together, they form a critical link in the chain.”