1 day ago
111
Windows 11 operating system logo is displayed on a laptop screen for illustration photo.
Beata Zawrzel | Nurphoto | Getty Images
Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe.
The tech giant said in a blog post that its digital crimes unit discovered over 394,000 Windows computers were infected by the Lumma malware worldwide between March 16 through May 16.
The Lumma malware was a favorite hacking tool used by bad actors, Microsoft said in the post. Hackers used the malware to steal passwords, credit cards, bank accounts and cryptocurrency wallets.
Microsoft said its digital crimes unit was able to dismantle the web domains underpinning Lumma's infrastructure with the help of a court order from the U.S. District Court for the Northern District of Georgia.
The U.S. Department of Justice then took control of Lumma's "central command structure" and squashed the online marketplaces where bad actors purchased the malware.
The cybercrime control center of Japan "facilitated the suspension of locally based Lumma infrastructure," the blog post said.
"Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims," Microsoft said in the post. "Moreover, more than 1,300 domains seized by or transferred to Microsoft, including 300 domains actioned by law enforcement with the support of Europol, will be redirected to Microsoft sinkholes."
Microsoft said that other tech companies like Cloudflare, Bitsight and Lumen also helped break down the Lumma malware ecosystem.
Hackers have been buying the Lumma malware via underground online forums since at least 2022, all while developers were "continually improving its capabilities," the blog post said. The malware has become the "go-to tool for cybercriminals and online threat actors" because it's easy to spread and break through some security defenses with the right programming, the company said.
In one example of how criminals used Lumma, Microsoft pointed to a March 2025 phishing campaign in which bad actors misled people into believing they were part of the Booking.com online travel service. These cyber criminals used the Lumma malware to carry out their financial crimes in this scheme, the company said.
Additionally, Microsoft said that hackers have used the Lumma to attack online gaming communities and education systems, while other cybersecurity companies have noted that the malware has been used in cyber attacks targeting manufacturing, logistics, healthcare and other related critical infrastructure.
WATCH: Palo Alto Networks shares drop 4% despite earnings beat.
English (US)