Microsoft Uncovers Lumma Password Stealer on 394,000 Windows PCs Globally


Microsoft and law enforcement have successfully taken down Lumma, a notorious info-stealing malware operation, after it was discovered on over 394,000 Windows PCs worldwide. The majority of affected systems were located in Brazil, Europe, and the United States, highlighting the global reach of this cyber threat.

The tech giant initiated civil action, prompting a federal court to seize 2,300 domains that constituted the malware’s command and control (C2) infrastructure. These servers were crucial for Lumma’s operation, enabling cybercriminals to manage and control the infected devices. In a parallel effort, the Justice Department seized five additional domains directly involved in operating the Lumma infrastructure, further disrupting the malware’s network.

The Lumma password stealer typically infiltrates systems through compromised games or cracked applications downloaded from untrusted sources. Once a system is infected, the malware extracts sensitive information, including logins, passwords, credit card details, and cryptocurrency wallet data. This stolen information is then often sold to other cybercriminals, fueling further illicit activities. Moreover, Lumma can serve as a backdoor, allowing hackers to deploy additional malware, such as ransomware, onto compromised systems.

Password-stealing malware like Lumma has been implicated in several high-profile cyberattacks, leading to significant data breaches at tech companies. Past incidents involving similar malware have targeted companies like PowerSchool and Snowflake, resulting in the theft of vast amounts of sensitive data.

© 2025 Proaitools. All rights reserved.