EUROPOL'S Operation Endgame disrupted the infrastructure of malware services StealC, Amadey, and SocGholish from June 15-19, 2026. The operation involved multiple international law enforcement agencies and private firms targeting malware that facilitates ransomware and fraud. Key outcomes included the dismantling of 326 servers and 142 domains, recovering 27 million stolen credentials, and restricting over €41 million in criminal cryptocurrency assets.
SocGholish, linked to Evil Corp, injects malicious prompts into legitimate sites, while Amadey spreads through phishing and acts as a dropper for other malware. The operation aims to undermine the cybercrime supply chain by targeting initial access malware, significantly decreasing the capability of cybercriminals to launch attacks.