An international operation has dismantled the infrastructure behind 'Lumma', one of the malware tools most widely used by cybercriminals to steal information such as passwords, credit card details, bank credentials, and cryptocurrency wallet data, Microsoft has announced.
Lumma Stealer, also known as LummaC2, is a Russian-developed infostealer that has gained popularity among cybercriminals by promising quick results and ease of use. Because it is distributed as malware-as-a-service, it was adopted quickly, and cybercriminals didn't need extensive technical knowledge to deploy and use it.
Lumma is widely distributed through phishing campaigns and underground forums. According to Microsoft, between March 16 and May 16, 2025, Lumma infected over 394,000 Windows-powered devices.
Microsoft's Digital Crimes Unit (DCU), in collaboration with Europol, the US Department of Justice, Japan's Cybercrime Control Center and other international law enforcement agencies, has carried out a complex operation that targeted Lumma's infrastructure on several fronts.
Europol described Lumma as the world's most significant infostealer threat, highlighting the importance of this coordinated cybersecurity intervention.
"This operation is a clear example of how public-private partnerships are transforming the fight against cybercrime. By combining Europol's coordination capabilities with Microsoft's technical insights, a vast criminal infrastructure has been disrupted. Cybercriminals thrive on fragmentation – but together, we are stronger," said the head of Europol's European Cybercrime Centre, Edvardas Šileris.
More importantly, the US Department of Justice (DOJ) seized the Lumma control panel, which was critical to the Lumma marketplace.
The immediate result of the operation is that devices infected with the Lumma stealer will no longer be able to communicate with the command-and-control servers. Unfortunately, there's a very high probability that this malware will adapt and return to the malware-as-a-service market, but at least for now, Internet users are safe from this particular threat.
Silviu is a seasoned writer who has followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.