Europol Freezes $47M in Crypto During Global Malware Crackdown

_{Photo credit: Towfiqu barbhuiya / Unsplash.com}

Law enforcement agencies have frozen more than €41 million in cryptocurrency as part of a coordinated international operation targeting malware used to steal passwords, browser data, and crypto wallet credentials.

Operation Endgame is an ongoing international initiative that disrupts cybercrime infrastructure and the services that enable ransomware, financial fraud, and other forms of online crime.

The latest phase of Operation Endgame, coordinated by Europol, dismantled infrastructure linked to the SocGholish, Amadey, and StealC malware families. Authorities seized 326 servers, took down 142 domains, recovered nearly 27 million stolen credentials from more than 385,000 compromised devices, and cleaned almost 15,000 infected websites.

StealC, which has been sold as malware-as-a-service since 2023, is designed to harvest data from infected devices. Security researchers have previously found that the malware included tools capable of extracting MetaMask wallet seed phrases. Amadey is commonly used to deploy additional malware after an initial infection, while SocGholish spreads through fake browser update prompts on compromised websites.

Microsoft, which supported the operation alongside Europol and other partners, said Amadey and StealC were linked to more than 140,000 infected computers worldwide during the first two weeks of May. The company has also filed a civil action in the United States to disrupt the infrastructure used by malware operators.

Europol said victim notifications are being coordinated through services such as Have I Been Pwned to help affected users identify compromised credentials.