Microsoft Says Nearly 400,000 Windows Computers Infected By Lumma Malware

In a significant move to combat cyber threats, Microsoft has revealed that nearly 400,000 Windows computers worldwide have been infected by the notorious Lumma Stealer malware. This malicious software, sold as a malware-as-a-service offering, has been wreaking havoc on unsuspecting victims for months.

According to Microsoft, the infection wave began on March 16 and continued until May 16, with over 394,000 Windows computers globally falling prey to Lumma's malicious tactics. The company claims to have severed communications between the malware and its victims worldwide, effectively disrupting the malware's ability to spread further.

As part of its efforts to combat Lumma, Microsoft has also seized control of over 1,300 domains used by the malware. These domains will be redirected to Microsoft sinkholes – controlled domains used to capture and evaluate malicious traffic. Additionally, Microsoft has facilitated the takedown, suspension, and blocking of malicious domains that served as the core of Lumma's operation.

The Justice Department has also joined forces with Microsoft to seize the "central command structure" for Lumma, effectively disrupting the marketplace where hackers purchase this malware-as-a-service offering. This move marks a significant victory in the fight against cybercrime and serves as a warning to those who would seek to exploit vulnerable computer systems.

What is Lumma Stealer?

Lumma Stealer is Russian-made malware that impersonates trusted brands, allowing hackers to steal sensitive information or disrupt victims' systems. It has been used in various phishing attacks, targeting passwords, banking information, and cryptocurrency wallets. This malware-as-a-service offering is sold on underground forums to hackers who use it to monetize stolen data or exploit victims.

The malware has been linked to several high-profile hacking campaigns, including one that used phishing attacks impersonating Booking.com, an online travel agency. It has also targeted gaming communities and various sectors such as healthcare, telecommunications, finance, manufacturing, and logistics.

A Growing Threat Landscape

According to recent research from Check Point, a leading IT software firm, cyber attacks have increased significantly in 2025, with the global education sector experiencing the highest number of attacks in the first quarter. The World Economic Forum has also reported that supply chain vulnerabilities are the top cyber risk, citing the increased complexity of modern supply chains and a lack of oversight into suppliers' cybersecurity capabilities as major contributors to this issue.

New technologies such as generative artificial intelligence are being used by cybercriminals to stage increasingly sophisticated attacks, including phishing and social engineering tactics. As the threat landscape continues to evolve, it is essential for individuals, businesses, and governments to stay vigilant and take proactive measures to protect themselves against these emerging threats.