Microsoft and Global Agencies Dismantle Lumma Malware Network


On May 21, 2025, Microsoft announced the takedown of Lumma Stealer, a widely used infostealer that compromised over 394,000 Windows computers between March 16 and May 16, 2025. The operation, led by Microsoft's Digital Crimes Unit (DCU), was carried out in collaboration with the U.S. Department of Justice, Europol, Japan's Cybercrime Control Center, and cybersecurity firms including Cloudflare and ESET.

Lumma Stealer, also known as LummaC2, functioned as a Malware-as-a-Service platform, enabling cybercriminals to steal sensitive data such as passwords, financial information, and cryptocurrency wallets. Its developers, operating under the alias “Shamel,” marketed the malware on underground forums, offering customizable features to bypass security defenses.


The coordinated effort led to the seizure of approximately 2,300 domains integral to Lumma's infrastructure. Authorities also disrupted the malware's command-and-control systems and the marketplaces through which it was sold and distributed. Many of the seized domains have been sinkholed, that is, redirected to Microsoft-controlled servers, so that traffic from still-infected machines can be monitored and further harm mitigated.

This takedown underscores the importance of international cooperation in combating cyber threats. While the operation dealt a significant blow to Lumma’s operations, experts warn that the threat from similar infostealing malware remains high, necessitating continued vigilance and collaboration among global cybersecurity entities.
