Microsoft and law enforcement officials have executed a court-authorized takedown of Lumma, a widely used password-stealing malware discovered on approximately 394,000 Windows computers around the globe. The infected devices were primarily located in Brazil, Europe, and the United States.
The coordinated action involved Microsoft’s civil request for a federal court to seize control of roughly 2,300 domains identified as integral parts of Lumma’s command-and-control network. Separately, the U.S. Justice Department seized five additional domains directly linked to the operation of the malware’s infrastructure.
Typically hidden in pirated games and unauthorized software downloads online, Lumma steals sensitive user information including login credentials, passwords, credit card details, and cryptocurrency wallet data. Cybercriminals often sell this stolen data on underground markets, fueling further malicious activities. Additionally, Lumma can act as a backdoor, enabling attackers to deploy further malware such as ransomware onto compromised machines.
Infostealers similar to Lumma have previously been tied to significant security incidents, notably breaches affecting high-profile technology companies such as PowerSchool and Snowflake, where large amounts of sensitive internal data were compromised.