Microsoft has collaborated with global authorities to neutralize the Lumma Stealer malware network, which had compromised over 394,000 Windows computers worldwide between March and May 2025. This operation marks a critical achievement in global cybersecurity, emphasizing the importance of international cooperation against cybercrime.

Understanding Lumma Stealer

Lumma Stealer, also referred to as LummaC2, is a sophisticated Malware-as-a-Service (MaaS) tool. Developed by a cybercriminal named “Shamel,” it collects passwords, banking credentials, credit card information, and cryptocurrency wallets from infected devices. Its stealth and accessibility made it a favored tool among cybercriminals globally.

Legal Measures and Domain Seizure

Microsoft’s Digital Crimes Unit (DCU) filed a legal action in the U.S. District Court for the Northern District of Georgia, resulting in the seizure of approximately 2,300 domains linked to Lumma Stealer. Over 1,300 of these domains were redirected to Microsoft-controlled sinkhole servers, enabling continuous monitoring and intelligence collection.

DOJ’s Strategic Role

The U.S. Department of Justice (DOJ) seized Lumma Stealer’s command-and-control infrastructure and disrupted online marketplaces where the malware was sold. These actions curtailed further distribution and revenue streams for cybercriminals, significantly reducing the malware’s global impact.

Europol’s Contribution

Europol’s European Cybercrime Centre facilitated international coordination, ensuring that law enforcement actions were synchronized across multiple countries. This minimized the risk of malware migration or reinfection, ensuring the operation’s success.

Malware Propagation Methods

Lumma Stealer spread primarily via phishing campaigns, malicious software downloads, and fake software updates. Once installed, it harvested data from browsers, file directories, and cryptocurrency wallets. Its stealthy operations made it challenging to detect and remediate without coordinated global intervention.

Impact on Users and Organizations

Both individuals and enterprises were affected, facing identity theft, unauthorized transactions, and compromised sensitive data. Organizations reported breaches of internal and customer information. The takedown of Lumma Stealer mitigates these risks and restores a safer digital environment for users worldwide.

Microsoft’s Cybersecurity Leadership

This operation highlights Microsoft’s commitment to digital safety. Through legal action, technology, and collaboration with global authorities, Microsoft successfully dismantled one of the most widespread infostealer campaigns. The operation underscores the value of public-private partnerships in fighting cybercrime.

Key Takeaways

• Lumma Stealer infected over 394,000 computers worldwide.

• Microsoft DCU, DOJ, and Europol coordinated the operation.

• 2,300 malicious domains seized; 1,300 redirected to sinkhole servers.

• Malware targeted sensitive data including passwords and cryptocurrency wallets.

• International collaboration is essential for effective cyber defense.

Read Full Article : https://bizinfopro.com/news/it-news/microsoft-and-global-authorities-dismantle-lumma-stealer-malware-network-2/

About Us : BizInfoPro is a modern business publication designed to inform, inspire, and empower decision-makers, entrepreneurs, and forward-thinking professionals. With a focus on practical insights and in‑depth analysis, it explores the evolving landscape of global business—covering emerging markets, industry innovations, strategic growth opportunities, and actionable content that supports smarter decision‑making.