In a major international cybercrime crackdown, the FBI, Europol, and Microsoft have successfully taken down the Lumma Stealer malware network. This malware had infected around 10 million devices worldwide.
LummaC2 was unique in that it operated as malware-as-a-service (MaaS). Cybercriminals could buy access through monthly subscription plans that ranged from $250 to $1,000. The malware was developed by an individual using the alias “Shamel” and spread through phishing emails and malicious websites. This business-like model made it easier for less-skilled attackers to deploy powerful malware.
Between March 16 and May 16, 2025, Microsoft tracked over 394,000 Windows computers infected with Lumma Stealer. In response, authorities seized about 2,300 malicious domains. These domains were critical to the malware’s command-and-control infrastructure. Taking them down cut off communication between infected systems and Lumma’s operators.
The takedown of Lumma Stealer is a significant blow to global cybercrime networks. It disrupted a widely used tool for stealing sensitive information, including passwords, financial data, and cryptocurrency wallets. By targeting the malware’s core infrastructure and blocking access for paying customers, the operation severely hindered its reach and effectiveness.
This successful operation highlights the importance of cross-border cooperation in tackling cyber threats. With hackers and cybercriminals becoming more sophisticated, global partnerships and proactive action are crucial to keep users safe from digital attacks. The fight continues, but this victory shows what’s possible when the public and private sectors join forces.