Microsoft reveals password stealer malware found on close to 4 lakh Windows PCs

Lumma, a Malware-as-a-Service (MaaS) marketed on underground forums since 2022, specializes in stealing passwords, banking credentials, cryptocurrency wallets, and more.

May 23, 2025 / 10:49 IST
Microsoft Windows PC

Microsoft’s Digital Crimes Unit (DCU) and global partners have disrupted Lumma Stealer, one of the most prolific info-stealing malware tools used by cybercriminals. Through a court-authorized takedown on May 13, Microsoft and law enforcement agencies seized over 2,300 domains forming Lumma’s infrastructure, delivering a critical blow to cybercrime networks targeting sensitive personal and institutional data.

Lumma, a Malware-as-a-Service (MaaS) marketed on underground forums since 2022, specializes in stealing passwords, banking credentials, cryptocurrency wallets, and more. Its victims range from individual consumers to schools, banks, and critical service providers. Microsoft identified more than 394,000 Windows systems infected with Lumma between March and May 2025 alone. A majority of these systems were in Brazil, the US and parts of Europe.

The operation, approved by the US District Court for the Northern District of Georgia, saw coordination between Microsoft, the U.S. Department of Justice, Europol, and Japan’s Cybercrime Control Center. The DOJ dismantled Lumma’s command infrastructure, while law enforcement helped suspend local networks supporting the malware.

Microsoft is redirecting more than 1,300 seized or transferred domains to its “sinkholes”—a defensive infrastructure that intercepts malicious traffic to monitor and disrupt further attacks. Insights from these sinkholes will aid public and private cybersecurity efforts to investigate, track, and neutralize threats linked to Lumma.