
Microsoft Dissects Lumma Stealer Malware in Global Operation

May 22, 2025

Microsoft revealed Wednesday that its digital crimes unit, in collaboration with law enforcement agencies worldwide, dismantled the Lumma Stealer malware operation. The malware, which had infected over 394,000 Windows computers globally between March 16 and May 16, was a notorious tool used by cybercriminals to steal sensitive data, including passwords, credit cards, and bank accounts.

Global Cooperation to Disrupt Malware Infrastructure

Microsoft worked closely with law enforcement to sever the infrastructure supporting Lumma. The U.S. District Court for the Northern District of Georgia issued a court order that allowed Microsoft to take down the web domains associated with the malware. The U.S. Department of Justice took control of Lumma’s central command structure, effectively dismantling the online marketplaces where cybercriminals purchased the tool. In Japan, the Japan Cybercrime Control Center facilitated the suspension of the malware’s local infrastructure.

Seizing Malicious Domains

Microsoft’s team, in partnership with industry leaders like Cloudflare, Bitsight, and Lumen, seized more than 1,300 domains, including 300 that law enforcement took down with the support of Europol. These domains will now be redirected to Microsoft sinkholes, servers that absorb the infected machines’ traffic instead of letting it reach the operators, to prevent further harm. This collaborative effort has severed the malware’s communication channels with its victims.

The Reach and Impact of Lumma Malware

Lumma has been a popular hacking tool among cybercriminals since at least 2022, continually evolving to breach security defenses more effectively. Microsoft highlighted a phishing campaign in March 2025 where cybercriminals impersonated Booking.com to trick users into providing financial information. The malware also targeted online gaming communities, educational institutions, and critical infrastructure sectors such as manufacturing, logistics, and healthcare.

Ongoing Threat of Malware

Despite the successful takedown of the Lumma network, Microsoft warned that the malware ecosystem is still active, with cybercriminals seeking out new avenues to exploit. The Lumma Stealer incident highlights the growing threat posed by malware in the digital world, and Microsoft continues to collaborate with global partners to ensure the safety of online communities and businesses.