In a novel maneuver for a disruption operation against cyber attackers, industry and law enforcement teamed up to conduct a court takedown of two widely-used criminal tools at once rather than individually, Microsoft said Tuesday.

The takedown simultaneously went after Amadey, a botnet that can serve as a malware delivery system, and StealC, an infostealer. Cybercriminals often use them in conjunction and they rely on the same infrastructure, Microsoft said.

“When multiple parts of an operation are disrupted together, attacks are harder to launch, scale, and recover from,” said Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit. “The result: fewer disrupted services, fewer opportunities for cybercriminals to profit, and more friction when they try to rebuild. It’s no longer enough to go after threats one by one. We need to interrupt how the attacks are put together.”

Microsoft had been tracking Amadey with ESET, BitSight, Lumen and Mitsui Bussan Secure Directions. Meanwhile, Europol had been investigating StealC alongside law enforcement partners including Germany’s Federal Criminal Police Office and the Dutch and Danish National Police as well as IBM X-Force and Proofpoint.

They then joined forces and turned to the Racketeer Influenced and Corrupt Organizations (RICO) Act, used to help authorities go after organized crime, to disrupt more than 200 command-and-control servers. Microsoft said it gained insights from its artificial intelligence product Copilot that “allowed the legal team to treat both malware families as part of a single criminal conspiracy.”

Microsoft regularly leads court-authorized disruption operations, but the industry and law enforcement partnerships combined with AI to expand data collection and identify connections beyond what one company could normally do, it said.

Amadey and StealC were linked to more than 140,000 infected computers around the globe in the first week of May alone, the company said. StealC has ranked among the top infostealers for years since its emergence in 2023 and sells in underground forums as a malware-as-a-service. It’s typically used by Russia-linked groups.

Amadey dates back to 2018, and is also commonly employed by Russian groups, including in attacks on Ukraine.

Their interaction shows the assembly line-like structure of modern cybercrime, Microsoft said. Even if the cybercriminals behind both tools never coordinate, their tools are designed to work together, it said.

“StealC is an infostealer that collects sensitive data from browsers, cryptocurrency wallets, messaging applications, email clients, and gaming platforms,” the company wrote in a separate blog post. “It is a malware-as-a-service (MaaS) offering that threat actors use to generate customized payloads and manage stolen data through a centralized web panel. Meanwhile, Amadey is a MaaS loader that threat actors use to deliver StealC and other malware. Modular, pay-as-you-go models like StealC and Amadey allow threat actors to use a single initial infection to quickly escalate into multiple other threats.”

The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop.

Meta said Monday that it caught a spearphishing campaign linked to spyware maker NSO Group despite a court injunction, prompting the tech giant to file a contempt-of-court complaint.

The company won a civil case last year against NSO Group barring it from targeting WhatsApp users and securing $168 million in damages, although NSO Group has been appealing the ruling.

But Meta says NSO Group, makers of the Pegasus spyware, isn’t honoring the permanent injunction.

“We successfully disrupted NSO-linked social engineering attempts, after investigating user reports,” it said in a blog post. “They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO. We also caught them creating test accounts and groups on WhatsApp, which we took down.”

Meta said the campaign resembled spyware infections that hit journalists and activists in Jordan from 2019 to 2023.

NSO Group didn’t respond to requests for comment about Meta’s accusations.

One top researcher who tracks spyware said NSO Group’s actions are an argument for keeping them on the U.S. sanctions “entity” list that the company has fought to be removed from since its designation in 2021.

“NSO’s own actions make the strongest argument for why they should stay on the Entity list,” John Scott-Railton, senior researcher at the University of Toronto’s Citizen Lab, wrote on social media. “And reaffirm that the decision to put them there was the right one.”

Meta made the same argument.

“When a malicious company on the US government’s Entity List continues to defy US courts, existing restrictions must remain firmly in place,” it said in its blog post. “Easing them would undermine US national security and put American companies and billions of people worldwide who depend on secure communications at risk.”

Lawmakers have sought information on the federal government’s prospective use of NSO Group tech and other kinds of spyware, despite a blacklist, given close ties between the company’s new executive chairman and President Donald Trump.

The post Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint appeared first on CyberScoop.

The Supreme Court will hear oral arguments Monday in a case that could limit the government’s ability to obtain bulk digital data of device users with a single warrant, in a rare instance of the country’s top justices taking on digital rights.

Chatrie v. The United States is the first major Fourth Amendment case the court has taken up since 2018, despite the proliferation of technology that impacts privacy since then. At the center of what the justices will address are so-called geofence warrants, which compel companies to disclose user data from a certain time and location.

“It’s a really interesting question about a law enforcement tool that would have been unimaginable a few decades ago, where you can basically look at potentially every phone, for example, that passed through a particular area in a particular window,” said John Villasenor, a law professor at UCLA and nonresident senior fellow at the Brookings Institution.

Both conservative and liberal civil liberties advocates have lined up in favor of the petitioner, leaving the United States government with fewer friend-of-the-court briefs on its side. Okello Chatrie was convicted for a 2019 bank robbery after police used a geofence warrant to obtain information from Google about users during a one-hour period and 17.5-acre area, then refined the search.

In Congress, Democrats have raised concerns about geofence warrants as they might pertain to abortion rights, while Republicans have raised concerns about their use in tracking suspects linked to the Jan. 6, 2021 insurrection at the Capitol.

Courts have been divided on the legality of the geofence warrant in Chatrie’s case. Google has since stopped storing location data in the cloud and moved records directly to user devices, but those siding with Chatrie say it could have broader implications for financial records, search history records, chat bot records and more.

“We think it’s important that courts get it right and that, among other things, courts recognize that we have a property interest in many of our digital records,” said Brent Skorup, a legal fellow at the Cato Institute, which has filed an amicus brief on behalf of the petitioner. “If the government can get those digital records without a warrant, that renders the Fourth Amendment pretty empty and we’re not secure in our privacy and traditional rights to having control of our private papers and effects.”

The United States noted that Chatrie opted into Google’s storage of his location history, and that the information’s collection is not substantially different from identification of other markers of someone’s presence, like tire tracks or boot prints.

“Individuals generally have no reasonable expectation of privacy in information disclosed to a third party and then conveyed by the third party to the government,” it wrote. A collection of 32 attorneys general have sided with the U.S. government, as well as some law professors.

In the 2018 case, Carpenter v. The United States, the Supreme Court limited the applicability of that “third-party doctrine” — echoed by the U.S. government’s argument in the Chatrie case — to search and seizure of 127 days’ worth of someone’s cell site location information, ruling that it constituted a search under the Fourth Amendment and therefore required a warrant.

The type of warrant is at issue in Chatrie v. The United States. A Virginia court ultimately found that geofence warrant unconstitutional because it was not sufficiently specific and was not supported by probable cause for every user whose data was collected. However, the court ruled the evidence was admissible in court, because law enforcement acted in “good faith” in the belief that it was constitutional.

Villasenor said the court could clear a lot up by addressing the good faith exception, something lower courts have used to sidestep substantial constitutional rulings, according to one study. But both Villasenor and Skorup say it’s possible that the Supreme Court also could fail to arrive at a conclusive ruling on the issues at stake in Chatrie.

While some civil liberties advocates are optimistic about the outcome due to the court’s ruling in Carpenter, three justices in that case have since been replaced by others.

The rarity of such digital privacy cases rising to the level of the Supreme Court might be simply a function of a crowded court agenda, but it’s not the only possibility.

“Part of it might be because the court has not developed a consensus view about how to approach these yet,” Skorup said. “It’s speculation on my part, but they probably have some ambivalence about taking up cases where they know that they’re not going to speak with one voice, or they know they might speak with fractured voices.”

Google itself filed a brief in the case, but sided with neither party, saying it took no position on the warrant in Chatrie’s specific case.

“But it urges the Court to hold that Google Location History and other similar digital documents stored remotely deserve the Fourth Amendment’s protection,” it wrote. “A contrary rule would leave the intimate details of millions of Americans’ daily lives — data that will exist in many forms as technology rapidly develops — exposed to warrantless surveillance.”

The post The Supreme Court is about to decide how far geofence warrants can go appeared first on CyberScoop.

A federal judge has sentenced the maker of stalkerware pcTattleTale, which went out of business after a data breach, to supervised release and a $5,000 fine.

Bryan Fleming pleaded guilty in January to a charge of intentionally manufacturing, possessing or selling a device with the knowledge that it would be primarily used for surreptitious interception of communications. On Friday, a judge handed down Fleming’s sentence.

It was the first stalkerware conviction since 2014, when the maker of StealthGenie, pled guilty and also didn’t serve prison time, instead receiving a $500,000 fine from the court.

According to Fleming’s plea agreement, his incriminating activity began as early as 2017, as the owner of Fleming Technologies LLC.

“Defendant’s software enabled buyers to covertly and remotely monitor a victim’s cellular telephone and computer activities, including, texts, emails, phone calls, geo-location, and web browsing,” the agreement states. “Defendant began directly advertising his spying software to persons wanting to spy on spouses or partners without their knowledge.”

It continued: “Defendant’s spying software covertly created a video every time a victim’s device was used, which captured any and all activity occurring on the device. The person monitoring the device could log into a remote dashboard and monitor the activity on the victim’s device.”

An undercover agent from Homeland Security Investigations, a division of U.S. Immigration and Customs Enforcement, posed as a marketing affiliate and customer to communicate with Fleming, according to a 2022 indictment.

pcTattletale went out of business in 2024 after suffering a data breach. Researchers have found that stalkerware apps often fail to protect personal information collected during their use.

An attorney for Fleming didn’t immediately respond to a request for comment Monday morning.

The post pcTattleTale stalkerware maker sentence includes fine, supervised release appeared first on CyberScoop.

A federal judge has blocked Perplexity, makers of the Comet AI browser, from accessing user Amazon accounts and making purchases on their behalf.

In an March 9 order, Judge Maxine Chesney of the Northern District Court of California said the temporary injunction reflects the likelihood that Amazon “will succeed on the merits” of its claim that Perplexity’s AI agents violate the Computer Fraud and Abuse Act and the Comprehensive Computer Data Access and Fraud Act.

The court held that Amazon “has provided strong evidence that Perplexity, through its Comet browser, accesses with the Amazon user’s permission but without authorization by Amazon, the user’s password-protected account.”

Per the ruling, Perplexity must prohibit Comet from accessing, attempting to access, assisting, instructing or providing the means for others to access Amazon user accounts. Perplexity must also delete all Amazon account and customer data it collected along the way.

Perplexity told the court that the purchases were legitimate and legal because their users had authorized their AI agent to make the purchases on their behalf. But Amazon has explicitly denied them such permission, saying the agents make mistakes, interfere with Amazon’s own algorithm and place their users at an elevated cybersecurity risk.

Additionally, Chesney wrote that Amazon has incurred “significantly more” than $5,000 needed to qualify as computer fraud, including the cost of time spent by Amazon employees to develop new web tools to block Comet’s access to private customer accounts and detect future unauthorized access by the browser.

According to Amazon, they have asked Perplexity officials on five separate occasions to cease covertly accessing Amazon’s store with its agents. In a cease-and-desist letter sent to Perplexity Oct. 31, 2025, attorney Moez Kaba of law firm Hueston Hennigan wrote to Perplexity, alleging the automated purchases degrade the online shopping experience for Amazon customers.

Amazon requires AI agents to digitally identify themselves when using the e-commerce platform. But they alleged Perplexity executives “refused to operate transparently and have instead taken affirmative steps to conceal its agentic activities in the Amazon Store,” including configuring their software to covertly pose as human traffic.

“Such transparency is critical because it protects a service provider’s right to monitor AI agents and restrict conduct that degrades the customer shopping experience, erodes customer trust, and creates security risks for our customers’ private data,” wrote Kaba.

Additionally, such agents could pose a further risk to Amazon through cybersecurity vulnerabilities exploited by cybercriminals to hijack AI browsers like Comet.

The lack of response from Perplexity executives to earlier entreaties from Amazon may have played a role in the court’s injunction, with Chesney noting that Amazon was likely to suffer irreparable harm without court intervention because “Perplexity has made clear that, in the absence of the relief requested, it will continue to engage in the above-referenced challenged conduct.”

The case could have broader implications for the way commercial AI agent tools are designed and how far they can legally act on a person’s behalf. Notably, while Amazon opposes Comet’s AI-directed purchases, Perplexity claims that its users have given them permission to make purchases on their behalf.

Perplexity argued a court order halting their AI’s activities would go against the public interest, depriving them of consumer choice and innovation. Chesney concluded the opposite, endorsing Amazon’s argument that the public has a greater interest in protecting their computers from unauthorized access.

Perplexity did not respond to a request for comment on the ruling at press time.

You can read the injunction below.

The post Federal judge blocks Perplexity’s AI browser from making Amazon purchases appeared first on CyberScoop.