A PYMNTS Company

Disrupting Lumma Stealer: Microsoft Leads Global Action Against Favored Cybercrime Tool

June 2, 2025

By: Steven Masada (Microsoft On The Issues)

In this blog post, Microsoft’s Steven Masada discusses the company’s recent action, in collaboration with international partners, to disrupt Lumma Stealer—a powerful info-stealing malware used by hundreds of cybercriminals. Lumma has been instrumental in stealing passwords, financial data, and cryptocurrency wallets, enabling cyberattacks that have affected schools, banks, and critical infrastructure.

With authorization from the U.S. District Court in Georgia, Microsoft’s Digital Crimes Unit (DCU) seized around 2,300 malicious domains linked to Lumma’s infrastructure. Simultaneously, the Department of Justice dismantled Lumma’s command structure and shut down its sales platforms. Key international partners, including Europol and Japan’s Cybercrime Control Center, also assisted in suspending local components of the malware network.

Between March and May 2025, Microsoft detected nearly 400,000 Windows devices infected with Lumma globally. Through domain seizures and redirection to secure sinkholes, Microsoft has severed the malware’s communication channels. This disruption will allow Microsoft and its partners to gather intelligence, strengthen cybersecurity defenses, and slow future attacks by undermining the financial and operational infrastructure of cybercriminal networks…
