Microsoft Cracks Down on Lumma Malware: 394,000 Windows Computers Infected

In a major victory against cybercrime, Microsoft has revealed that it has successfully dismantled the Lumma Stealer malware project with the help of law enforcement officials worldwide. The tech giant's digital crimes unit discovered that over 394,000 Windows computers were infected by the malicious software between March 16 and May 16.

The Lumma malware was a popular hacking tool used by bad actors to steal sensitive information such as passwords, credit cards, bank accounts, and cryptocurrency wallets. Hackers would use this malware to gain unauthorized access to victims' systems, causing significant financial and reputational damage.

In a blog post, Microsoft revealed that its digital crimes unit worked closely with law enforcement officials across the globe to dismantle the web domains underpinning Lumma's infrastructure. The U.S. Department of Justice obtained a court order from the U.S. District Court for the Northern District of Georgia to seize control of Lumma's central command structure.

The U.S. Department of Justice then took over Lumma's online marketplaces where bad actors would purchase and distribute the malware. Additionally, the cybercrime control center of Japan facilitated the suspension of locally based Lumma infrastructure. This coordinated effort allowed Microsoft to sever communications between the malicious tool and its victims.

Microsoft also highlighted the support of other tech companies in breaking down the Lumma malware ecosystem. Cloudflare, Bitsight, and Lumen joined forces with Microsoft to take down the malware's online presence. The company noted that hackers have been buying the Lumma malware through underground online forums since at least 2022, continually improving its capabilities.

The Lumma malware has become a go-to tool for cybercriminals and online threat actors due to its ease of use and ability to spread quickly, bypassing some security defenses. Microsoft pointed to an example of this in a March 2025 phishing campaign where bad actors posed as the Booking.com online travel service to mislead people.

In that scheme, the cybercriminals used the Lumma malware to carry out their financial crimes. Additionally, Microsoft reported that hackers have used Lumma to attack online gaming communities and education systems. Cybersecurity companies have also noted that the malware has been used in cyberattacks targeting manufacturing, logistics, healthcare, and other critical infrastructure.

Microsoft's success in taking down the Lumma malware serves as a reminder of the ongoing battle against cybercrime. The company's efforts demonstrate its commitment to protecting its users and the broader tech community from these threats.

In a statement, Microsoft said: "Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims... We will continue to work tirelessly to ensure that our customers and the global community are protected from these types of threats."