Microsoft has carried out a coordinated legal and technical takedown of Lumma Stealer, an information-stealing malware (infostealer) found on more than 394,000 Windows devices worldwide. The effort involved close collaboration with the U.S. Department of Justice, Europol, and Japan's Cybercrime Control Center.
That infection count covers a window of just two months, during which the malware harvested victims' passwords, credit card details, and cryptocurrency wallet data. Lumma Stealer operated as Malware-as-a-Service (MaaS): affiliates rented it and could customize and deploy it with little effort.
2,300 malicious domains linked to the malware's operations targeted
Microsoft's Digital Crimes Unit (DCU) identified and targeted more than 2,300 malicious domains linked to the malware's operations. Over 1,300 of them were rerouted to Microsoft-controlled servers, a sinkhole arrangement that severs communication between infected devices and Lumma's command infrastructure and, as a side effect, gives defenders visibility into which devices are still infected, since their beacons now land on Microsoft's servers instead of the operators'.
The malware, originally launched via underground forums in 2022, was developed by a Russian-speaking actor known as “Shamel.” He sold the tool through Telegram channels, offering multiple subscription tiers and enabling widespread use.
Scattered Spider hacking group among the malware's active users
Cybercriminals distributed Lumma Stealer through phishing emails, malicious ads, and impersonations of well-known brands, including Microsoft itself. Among its most active users was the notorious Scattered Spider hacking group.
The malware’s ease of use, adaptability, and rich feature set made it a favorite in the cybercrime world. It could extract data from browsers, steal credentials, and even drop additional malware payloads.
While this takedown marks a significant blow to Lumma Stealer’s infrastructure, Microsoft warned that info-stealers continue to pose a serious and growing threat to individuals and organizations alike.
The company urged users to keep their devices updated, run trusted security software, and avoid suspicious emails or downloads. For organizations the practical follow-up is to treat any credentials, session cookies, or wallet data that may have been harvested from affected machines as compromised: reset passwords, revoke active sessions, and review cryptocurrency wallets, because the takedown stops future exfiltration but does not undo what was already stolen. The campaign is a reminder that defenses have to keep pace with rapidly evolving threats.