StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them
Essential information
- Published: 24/06/2026 15:40
- Modified: —
- Source / Author: AlienVault
- Confidence: 100/100
- Report type(s): threat-report
- Labels / Tags: access broker, amadey, credential theft, cybercrime, infostealer, lumma stealer, malware-as-a-service, raccoon, redline, session token, stealc, vidar
- Related entities: 39 indicators, 24 observables, 25 techniques (MITRE), 6 malware
Description
Infostealers remain among the most pervasive cybercrime threats, silently harvesting passwords, cookies, and session tokens that enable enterprise breaches. StealC is a malware-as-a-service infostealer written in C++ that collects credentials from browsers, cryptocurrency wallets, messaging applications, email clients, and gaming platforms while functioning as a secondary loader. Amadey operates as a modular backdoor loader active since 2018, delivering downstream payloads including StealC, Lumma Stealer, and ransomware through various backdoor commands. Both operate on commodity rental models where stolen credentials flow through underground markets to access brokers who resell enterprise access. On June 24, 2026, Microsoft's Digital Crimes Unit coordinated with Europol to disrupt over 200 malicious command-and-control domains supporting these operations, using AI-assisted analysis tools including Microsoft Copilot for binary analysis and configuration extraction.