A coalition of international law enforcement agencies and technology companies has disrupted the Lumma infostealer, malware that has become one of the most prevalent cyber threats globally. Numerous cybercriminals have used it to steal sensitive information, including passwords, credit card data, and cryptocurrency wallet credentials. Developed in Russia, Lumma has been linked to a variety of criminal schemes—ranging from draining bank accounts to launching data extortion attacks targeting educational institutions.
Last week, Microsoft’s Digital Crimes Unit (DCU) secured a court order that allowed it to seize approximately 2,300 domains affiliated with Lumma’s infrastructure. Concurrently, the U.S. Department of Justice took action to dismantle Lumma’s command and control systems and disrupted the cybercriminal marketplaces selling the malware. The operation was part of a larger coordinated effort involving Europol’s European Cybercrime Centre and Japan’s Cybercrime Control Center.
Steven Masada, Microsoft’s assistant general counsel, underlined Lumma’s notoriety, stating that it is a favored tool among cybercriminals, particularly the infamous Scattered Spider group. The malware spreads through targeted phishing attacks, often masquerading as legitimate companies, including Microsoft, to mislead victims.
The alarming rise in Lumma’s prevalence was highlighted by Victoria Kivilevich, the director of threat research at Kela, who noted that in 2025 it became the most active malware module, following the earlier disruption of its competitors. Data indicates that over 394,000 Windows devices were compromised by Lumma between mid-March and mid-May of this year. Additionally, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) reported that Lumma was referenced in more than 21,000 cybercrime forum listings in the spring of 2024.
As part of the takedown strategy, companies like Cloudflare played a crucial role, blocking Lumma command and control domains and banning associated accounts to prevent the re-establishment of its infrastructure. This meticulous collaboration aimed to ensure that the malware’s developers could not easily recreate their operations.
While infostealing malware has been a longstanding issue, the surge of such attacks since 2020 underscores the evolving landscape of cybercrime. As cybercriminals increasingly rely on sophisticated distribution methods, including the guise of popular software and services, the need for vigilant cybersecurity practices remains paramount.
This disruption of Lumma serves as a reminder of the ongoing battle against cybercrime, showcasing the effectiveness of collaborative efforts among law enforcement and tech firms to safeguard individuals and institutions from the consequences of such malicious activities. Continued vigilance and enhanced cybersecurity measures could help to mitigate the risks posed by evolving malware threats in the future.