Operation Endgame: two infostealers taken down again

In Operation Endgame, police have once again taken offline infostealers that spread malware. The infostealers concerned are Amadey and StealC. In addition, more than a hundred criminal servers and domains have been seized and/or taken offline. More than twenty million login credentials of victims were found in the process.

Under the leadership of the National Public Prosecution Service, the National High Tech Crime Unit worked together with the investigative services of Germany, Denmark, the United Kingdom, and the United States, supported by Europol and Eurojust, Microsoft, and other private partners. Read more on the Europol website.

Infostealers

An infostealer is a form of malware used to steal sensitive data from victims' computers. Victims become infected through, among other things, software downloads from untrustworthy sources or phishing emails. Sensitive data such as usernames, passwords, crypto wallets, and system information is then stolen from the victim's computer unnoticed and forwarded to the criminal. Criminals can use the stolen data to impersonate the victim and thus steal money, or to gain access to (corporate) networks and infect more systems.

Infostealers such as Amadey and StealC often form the first link in an attack chain. Through this malware, additional malware, such as ransomware, can be installed on the infected systems.

Victim data

The cooperating police services have to date found more than 24 million login credentials on the seized servers, originating from no fewer than 384 thousand computer systems for more than 1.5 million different services and companies.

Victim of infostealers?

People who have fallen victim to an infostealer must assume that all accounts that were ever logged into via the infected device are in the hands of criminals. It is therefore not sufficient to only change the password of the account for which a notification is received. The advice is to immediately change the login details of all accounts used on the same device and, where possible, enable two-factor authentication.

Do you want to know if your data is included? At www.politie.nl/checkyourhack, you can check if your login details appear in the dataset, and what you should do.

About Operation Endgame

These actions are part of Operation Endgame. It is the largest international cooperation between police services and private parties ever in combating ransomware and cybercrime worldwide. Since its start in 2024, Operation Endgame has already taken dozens of criminal networks offline and found hundreds of millions of victim records in the process.