Microsoft Leads Global Takedown of Infamous Malware Tool Behind Cyber Attacks


Microsoft has joined forces with global law enforcement and cybersecurity partners to dismantle the infrastructure behind ‘Lumma Stealer’ – a notorious malware tool at the heart of hundreds of cyberattacks worldwide.


In a coordinated operation involving Europol, Japan’s JC3, and the US Department of Justice, Microsoft’s Digital Crimes Unit (DCU) secured a court order to seize more than 2,300 domains linked to Lumma.


The move aims to cripple the malware’s reach and disrupt a key tool used by cybercriminals to steal passwords, banking details, and crypto wallets.


Lumma has been marketed since 2022 as a Malware-as-a-Service (MaaS), with its developer – an individual operating under the alias ‘Shamel’ from Russia – offering subscription plans via Telegram and underground forums.


Microsoft identified nearly 400,000 Windows devices infected with Lumma between March and May 2025 alone.


Global heat map showing the distribution of Lumma Stealer malware infections on Windows devices. Image credit: Microsoft


Often deployed through phishing emails and fake online ads, Lumma impersonates trusted brands like Microsoft and Booking.com. It has been linked to attacks targeting schools, hospitals, and financial institutions, and has also been used by ransomware groups such as Octo Tempest.


The global crackdown also targeted the command-and-control servers and dark web markets selling Lumma.


Domains seized in the operation now redirect to Microsoft-controlled “sinkholes” – servers that receive the traffic infected machines would otherwise send to the criminals – allowing real-time threat intelligence gathering and improved protection for users and organisations. ESET, BitSight, Lumen, Cloudflare, and CleanDNS also played key roles in dismantling Lumma’s infrastructure.


Microsoft’s Assistant General Counsel Steven Masada said: “Disrupting the tools cybercriminals frequently use can create a significant and lasting impact on cybercrime, as rebuilding malicious infrastructure and sourcing new exploit tools takes time and costs money.


“By severing access to mechanisms cybercriminals use, such as Lumma, we can significantly disrupt the operations of countless malicious actors through a single action.”


Microsoft has urged users to enable multi-factor authentication, stay cautious with email links, and keep security software up to date to guard against threats like Lumma.


Author: Joe Gallop

Tags: Cyberattack, cybersecurity, Microsoft