Microsoft has initiated a comprehensive legal and technical offensive against Lumma Stealer, a notorious information-stealing malware responsible for compromising nearly 400,000 Windows systems worldwide between March and May 2025. This concerted effort, in collaboration with international law enforcement agencies, marks a significant stride in combating cybercrime.
On May 21, a federal court in Georgia authorized Microsoft’s Digital Crimes Unit (DCU) to dismantle the infrastructure supporting Lumma Stealer. Consequently, approximately 2,300 domains integral to the malware’s operations were taken down, blocked, or suspended. Additionally, the U.S. Department of Justice seized Lumma’s central command structure and disrupted marketplaces facilitating the malware’s distribution.
Lumma Stealer, also known as LummaC2, has been active since 2022, evolving through multiple iterations to enhance its capabilities. The malware is designed to extract sensitive data from web browsers and applications, including passwords, credit card information, bank account details, and cryptocurrency wallet credentials.
The takedown operation was bolstered by the efforts of Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center, which facilitated the suspension of locally based Lumma infrastructure. Microsoft’s collaboration with these agencies underscores the importance of international cooperation in addressing the growing threat of cybercrime.
Despite this significant disruption, cybersecurity experts caution that the threat from infostealers like Lumma remains high. The malware’s effectiveness and widespread adoption make it a preferred tool for cybercriminals and nation-state actors alike.
Microsoft’s decisive action against Lumma Stealer highlights the evolving nature of cyber threats and the critical need for robust cybersecurity measures. The company’s ongoing commitment to protecting users and dismantling malicious networks serves as a model for industry-wide efforts to combat cybercrime.
