Microsoft has said that it dismantled the Lumma Stealer malware network. In collaboration with international law enforcement agencies, the tech firm has seized several malicious domains and disrupted a widespread cybercrime operation.
In a blog post, Microsoft revealed that a federal court in Georgia authorized its digital crimes unit to take down, block, or suspend nearly 2,300 websites essential to Lumma’s operations. The company also worked closely with local and international law enforcement agencies to dismantle the malware’s infrastructure.
Additionally, Microsoft stated that the U.S. Department of Justice seized Lumma’s central command system and disrupted the marketplaces where the malware was sold to other cybercriminals.
Microsoft noted that other tech companies like Cloudflare, BitSight, and Lumen also helped break down the Lumma malware ecosystem.
Microsoft and global agencies shut down Lumma malware infrastructure
Microsoft states that the Lumma Stealer was advertised on underground forums as early as 2022 and that the malware has received multiple updates since then.
Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center also played key roles in shutting down locally based Lumma infrastructure.
Lumma is a malware tool cybercriminals use to steal sensitive data, including passwords, credit card details, bank account information, and cryptocurrency wallet credentials. Microsoft said the malware has become the “go-to tool for cybercriminals and online threat actors” because it is easy to distribute and, with the right programming, can evade some security defenses.
From March 16 to May 16, Microsoft reported detecting more than 394,000 Windows computers infected with Lumma malware. The company collaborated with law enforcement and cybersecurity firms to disrupt communications between the malware and the compromised devices.
In one example, Microsoft highlighted a March 2025 phishing campaign where criminals tricked people into thinking they were dealing with Booking.com. The attackers used Lumma malware to carry out financial theft in this scheme.
Microsoft also reported that hackers have deployed Lumma to target online gaming communities and education systems. Other cybersecurity firms noted its use in attacks on manufacturing, logistics, healthcare, and other critical infrastructure sectors.
Crypto drainers swipe millions as malware goes mainstream
Crypto drainers are malicious software designed to steal the contents of cryptocurrency wallets and are commonly found on phishing sites, harmful browser extensions, fake airdrops, and other scams.
Earlier this week, Chinese printer manufacturer Procolored reportedly distributed Bitcoin-stealing malware bundled with its official drivers, leading to a loss of approximately $953,000 in cryptocurrency.
Last month, an AMLBot report revealed that crypto drainers are now being offered as a SaaS (Software-as-a-Service) product, enabling less-skilled cybercriminals to rent the service for as little as $100.
A February 7 report by blockchain analytics company Chainalysis shows around $51 billion in cryptocurrency fraud losses in 2024. The report further detailed the increasing influence of professional crime networks, fraud cartels, nation-state-backed hackers, and AI-enabled scams.
According to a report from the FBI’s cyber arm, Americans lost around $9.3 billion in 2024 through crypto scams and frauds. Senior citizens over 60 are the most vulnerable.
Meanwhile, North Korean hackers have made off with as much as $3 billion in cryptocurrencies from 2017 through 2023. According to the crypto firm Paradigm, these hacking campaigns have become more sophisticated over time.