Microsoft has taken decisive legal action against Lumma Stealer, a notorious malware that has infected nearly 400,000 Windows devices worldwide. The company’s Digital Crimes Unit (DCU), in collaboration with the U.S. Department of Justice (DOJ), has successfully blocked, suspended, or seized approximately 2,300 domains linked to Lumma’s operations2.
Lumma Stealer is a malware-as-a-service (MaaS) tool that cybercriminals use to steal sensitive data, including passwords, credit card details, bank accounts, and cryptocurrency wallets. Since its emergence in 2022, Lumma has evolved through multiple versions, making it increasingly dangerous.
On May 13, 2025, Microsoft filed a legal complaint against Lumma Stealer, targeting its infrastructure and disrupting its ability to operate. The DOJ seized Lumma’s central command structure, effectively cutting off cybercriminals from using the malware. Additionally, Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center assisted in dismantling Lumma’s presence in their respective regions.
Microsoft’s intervention has significantly weakened Lumma’s ability to spread, preventing further infections and protecting users from financial and data theft. However, cybersecurity experts warn that malware threats continue to evolve, and users must remain vigilant by:
This action marks a major victory in the fight against cybercrime, but it also highlights the growing sophistication of malware attacks. As cybercriminals adapt, collaborative efforts between tech companies and law enforcement will be crucial in safeguarding digital infrastructure.
.
For more information on Lumma Stealer: Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer | Microsoft Security Blog
Click here for more information on protecting your PCs with My Ransom Shield: myransomshield.com/contact
