
FBI and Europol Join Forces to Dismantle Lumma Stealer Malware Network

In a significant international operation, the FBI, Europol, and Microsoft have successfully disrupted the Lumma Stealer malware network, which has been linked to approximately 10 million infections worldwide. This coordinated effort involved seizing critical infrastructure and malicious domains associated with the malware, marking a major victory in the fight against cybercrime.


Key Takeaways

  • Lumma Stealer: A widely used infostealer malware that has infected around 10 million devices globally.

  • Malware-as-a-Service: Lumma operated on a subscription model, making it accessible to less-skilled cybercriminals.

  • Global Collaboration: The operation involved multiple international law enforcement agencies and cybersecurity firms.

  • Seizure of Domains: Approximately 2,300 malicious domains were taken down, disrupting Lumma's command-and-control infrastructure.

Overview of Lumma Stealer

Lumma Stealer, also known as LummaC2, is an information-stealing malware (infostealer) that has been sold as a service since 2022. Developed by a Russia-based cybercriminal known as "Shamel," it lets buyers purchase access through subscription tiers ranging from $250 to $1,000 per month. This model has allowed a wide range of cybercriminals with minimal technical expertise to deploy the malware.

The malware primarily spreads through phishing emails and malicious websites, often impersonating trusted brands to trick users into downloading it. Once running on a victim's machine, Lumma harvests sensitive data, including saved browser passwords and session cookies, credit card details, and cryptocurrency wallet data, and sends it to attacker-controlled servers.

The Takedown Operation

Between March 16 and May 16, 2025, Microsoft identified over 394,000 Windows computers infected by Lumma. The coordinated action that followed seized or took down about 2,300 malicious domains that formed the backbone of Lumma's infrastructure. The seizure was executed under a court order from the U.S. District Court for the Northern District of Georgia.

Key actions taken during the operation included:

  1. Seizure of Domains: Authorities blocked access to critical domains used for Lumma's command and control.

  2. Disruption of Marketplaces: The operation targeted the online marketplaces where Lumma was sold to other cybercriminals.

  3. International Cooperation: Agencies from the U.S., Europe, and Japan collaborated to suspend Lumma's infrastructure globally.

Impact of the Operation

The disruption of Lumma Stealer is expected to have a significant impact on cybercrime operations. By cutting off access to the malware's command-and-control infrastructure, law enforcement aims to slow the rate at which cybercriminals can launch attacks and to reduce their effectiveness.

The FBI estimates that Lumma facilitated losses of approximately $36.5 million in credit card theft alone in 2023. Its ability to siphon sensitive data has made it a tool of choice for a range of cybercriminal activity, including extortion and data theft, across sectors such as education, finance, and healthcare.

Looking Ahead

While this operation represents a major step forward in combating cybercrime, experts warn that cybercriminals are persistent and may attempt to rebuild their infrastructure. The FBI and Microsoft have indicated that they will continue to monitor and disrupt any attempts to re-establish Lumma's operations. The takedown also does not recover data that was already exfiltrated: organizations that find Lumma on their systems should still reset the affected credentials and invalidate active sessions, since stolen passwords and cookies remain usable by whoever bought them.

This successful takedown underscores the importance of global collaboration in addressing cyber threats. As cybercriminals become increasingly sophisticated, ongoing partnerships between public and private sectors will be crucial in safeguarding users from digital attacks.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool, The Official Microsoft Blog.

  • Lumma Stealer toppled by globally coordinated takedown, CyberScoop.

  • Lumma infostealer’s infrastructure seized during US, EU, Microsoft operation, The Record from Recorded Future News.

  • Microsoft Hits Back After Lumma Stealer Affects Thousands of PCs, TechJuice.
