Microsoft Finds Password-Stealing Lumma Malware on 394,000 Windows PCs
In a significant operation, Microsoft has successfully taken down approximately 2,300 domains used to distribute the password-stealing Lumma malware to an alarming number of Windows PCs - over 394,000. This malicious software, created by a Russian developer, has been making headlines for its devious tactics to steal sensitive information from unsuspecting users.
Cybercriminals have employed various methods to spread Lumma, including hiding the malware behind fake CAPTCHA tests on dummy websites. For instance, in March, Microsoft detected Lumma on a fake Booking.com website, where hackers aimed to capture login credentials and conduct financial fraud. Other tactics include phishing, malvertising, and Trojan apps.
In phishing attacks, victims might receive urgent emails asking them to confirm bookings or updates. Malvertising involves fake ads appearing in search results for keywords like "Notepad++ download" or "Chrome update." Furthermore, cracked or pirated apps can silently install the malware once they are launched.
Lumma's creator sold the malware via Telegram and other chat forums. Cybercriminals who purchase Lumma can customize it before deploying it. Microsoft has identified at least six versions of Lumma Stealer, and the malware was detected on around 394,000 Windows PCs between March 16 and May 16.
With the help of the Justice Department and other industry partners, Microsoft took down the 2,300 domains that facilitated the spread of Lumma. The malware is now detectable by Windows Defender, providing an added layer of protection for users.
However, it's essential to remain vigilant and take precautions to avoid falling victim to such malicious software. Don't download apps from sources you don't trust, and never engage with websites unless you're sure they're legitimate. Always check the URL and look for inconsistencies.
If you suspect your device is infected by malware, refer to our guide, which provides steps on how to remove it. Staying informed and taking proactive measures can help safeguard your digital security. Remember, prevention is key in this ongoing battle against cyber threats.