Proofpoint and IBM X-Force collaborated with Europol and Microsoft's Digital Crimes Unit to disrupt the StealC malware-as-a-service ecosystem as part of Operation Endgame, seizing 66 domains, 296 servers, and over 25.6 million stolen credentials. Researchers discovered a directory traversal vulnerability in the StealC PHP C2 panel's filename handling during ZIP extraction, which was exploited by law enforcement to access and seize C2 servers. The teams also built a StealC bot emulator to track affiliate infrastructure and observe payload delivery chains, revealing StealC's loader functionality distributing a broad range of secondary malware including ransomware, RATs, and additional stealers.