394,000 Computers INFECTED – Major Malware Attack!

The Lumma Stealer malware project infected more than 394,000 Windows computers globally, Microsoft announced after taking the operation down.

Microsoft dismantled the malware with the help of various law enforcement agencies in a coordinated effort that promises to strike a heavy blow against cybercriminals exploiting this dangerous software.

In an official statement on Wednesday, May 21, 2025, Microsoft revealed that the Lumma malware had been active since mid-March, exploiting vulnerable systems to hijack sensitive data such as passwords, credit cards, bank accounts, and even cryptocurrency wallets.

Microsoft’s Digital Crimes Unit worked closely with partners worldwide, including the U.S. Department of Justice, to dismantle the infrastructure of Lumma.

They have successfully severed communications between the malware and its unknowing victims, NBC Philadelphia reports.

This extensive operation involved a key legal maneuver, as Microsoft obtained a court order from the U.S. District Court for the Northern District of Georgia to seize Lumma’s infrastructure.

The Department of Justice took control of Lumma’s command operations and closed down online marketplaces peddling the malware.

“Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe,” said Microsoft in a blog post.

This successful dismantling was further aided by Japan’s cybercrime control center, which suspended Lumma’s local infrastructure.

Over 1,300 domains associated with Lumma were seized or redirected to Microsoft-controlled sinkholes, a strategic move to cut off the malware ecosystem at its heart.

Microsoft praised the international collaboration that made this operation possible, which involved contributions from other tech giants such as Cloudflare, Bitsight, and Lumen.

The Lumma Stealer malware had been widely sold on underground forums since at least 2022, favored by cybercriminals for its ability to spread quickly and evade some security defenses.

The malware was developed by a figure known only as “Shamel” and was particularly notorious for its use in phishing campaigns that impersonated legitimate organizations like Booking.com to commit financial fraud.

Looking forward, cybersecurity experts warn that as technology continues to evolve, so too will the sophistication of cyber threats.

The Lumma case highlights the ongoing vulnerabilities present in our digital infrastructure, especially concerning supply chain complexities where oversight is lax.

Microsoft, alongside global partners, remains committed to tackling these threats, with hopes that such a coordinated response could set a precedent for future cybersecurity defenses.