StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them
ID: f03a366d-f109-597e-848a-60088e76843b
STIX ID: report--f03a366d-f109-597e-848a-60088e76843b
Feed Name: Microsoft Security
Date Published: 2026-06-24
Date Updated: 2026-06-24
Author: Microsoft Threat Intelligence, Microsoft Defender Security Research Team and Microsoft Digital Crimes Unit
Microsoft threat intelligence describes StealC (an infostealer MaaS) and Amadey (a modular MaaS loader), detailing how they harvest browser and application credentials, exfiltrate data to C2, enable downstream access brokers and ransomware actors, and are delivered via deceptive downloads, loaders, and other scalable techniques; the blog also documents a coordinated takedown of over 200 domains/IPs, provides technical indicators (hashes, C2 URLs), TTPs, and mitigation guidance for defenders.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
