On May 21, Microsoft published an official blog post stating that the Microsoft Digital Crimes Unit had filed a lawsuit against Lumma Stealer (hereinafter referred to as "Lumma") on May 13.

Microsoft's official website

According to the blog information, Lumma is an information-stealing malware commonly used by hundreds of cyber threat actors. Lumma steals passwords, credit cards, bank accounts, and cryptocurrency wallets, enabling criminals to extort ransom from schools, steal bank accounts, and disrupt critical services.

Microsoft stated that between March 16 and May 16, more than 394,000 Windows computers worldwide were found to be infected with the Lumma malware. Working with the relevant authorities, Microsoft has now cut off communication between the malware and infected users. In addition, over 1,300 domains seized by or transferred to Microsoft will be redirected to Microsoft-controlled sinkholes.

The blog said that, acting on a court order, Microsoft's DCU (Digital Crimes Unit) seized, or assisted in taking down, suspending, and blocking, approximately 2,300 malicious domains that make up the Lumma infrastructure network. Meanwhile, the US Department of Justice (DOJ) seized Lumma's central command structure and dismantled the underground marketplace that sold the tool to other cybercriminals. Europol's European Cybercrime Centre (EC3) and the Japan Cybercrime Control Center (JC3) assisted in suspending Lumma infrastructure operating in their regions.

Since 2022, Lumma has been marketed and sold through underground forums, and its developers have continuously released new versions to enhance its functionality over the years.

According to the blog, Lumma is easy to spread, difficult to detect, and can be programmed to bypass certain security defenses, making it a preferred tool for cybercriminals and online threat actors. It disguises itself as trusted brands such as Microsoft and spreads through channels such as spear-phishing emails and malicious advertisements. For example, in March 2025, Microsoft's Threat Intelligence team discovered a phishing campaign impersonating the online travel platform Booking.com. That campaign used several credential-stealing malware families, including Lumma, to carry out financial fraud and theft.

In addition, Lumma has been used in attacks targeting gaming communities and educational systems, and it poses an ongoing threat to global security. Reports from multiple cybersecurity companies indicate that the malware has been used in attacks on critical infrastructure sectors such as manufacturing, telecommunications, logistics, finance, and healthcare.

Microsoft stated that it has collaborated with government and industry organizations, including the cybersecurity companies ESET, Bitsight, Lumen, Cloudflare, CleanDNS, and GMO Registry. Microsoft's Digital Crimes Unit (DCU) will continue to adapt and innovate to combat cybercrime and help keep critical infrastructure, customers, and online users safe.

This article is an exclusive contribution from Observer Network and cannot be reprinted without permission.

Original source: https://www.toutiao.com/article/7507465098492690979/

Disclaimer: The views expressed in this article are solely those of the author.