Europol, Microsoft, Proofpoint, IBM and other law enforcement and industry partners announced a collaborative takedown of StealC and Amadey infrastructure on Wednesday, as part of Operation Endgame. Microsoft revealed that it used AI-assisted techniques leveraging Copilot to establish a connection between the StealC and Amadey operations, allowing the company to take legal action against shared infrastructure under the Racketeer Influenced and Corrupt Organizations Act (RICO). Additionally, Proofpoint and IBM X-Force described how the companies discovered a vulnerability in StealC command-and-control (C2) panels and emulated StealC clients to track attacker payloads and threat clusters. StealC is a malware-as-a-service (MaaS) infostealer capable of stealing credentials from Chromium-based browsers, Gecko-based browsers and desktop applications, including credentials for mail servers, WinSCP FTP and SFTP, and gaming applications like Steam. Amadey is another MaaS offering and loader frequently used to deliver StealC, with Microsoft stating that while developed by separate threat actors, they rely on the same infrastructure. Microsoft identified more than 18,000 compromised systems, with legal action disrupting more than 200 C2 servers. Europol announced it seized more than €41 million in crypto assets and identified about 27 million stolen credentials in total throughout its investigations of StealC, Amadey and SocGholish.