Microsoft has launched a major enforcement operation against the notorious Lumma Stealer malware, with court approval to dismantle thousands of websites tied to the software’s infrastructure.
In a significant cybersecurity crackdown, Microsoft revealed on May 21 that it had secured authorization from a U.S. federal court in Georgia to disable nearly 2,300 websites essential to the operation of Lumma Stealer, a malware tool used to siphon sensitive user data. The effort was led by Microsoft’s Digital Crimes Unit in collaboration with both domestic and international law enforcement agencies.
The tech giant confirmed that the U.S. Department of Justice helped dismantle the malware’s central command systems and shut down illicit marketplaces where Lumma was being distributed to other cybercriminals. The malware has been actively sold through underground forums since 2022 and has undergone multiple updates, making it a persistent threat to global cybersecurity.
The operation included support from Europol’s European Cybercrime Centre and Japan’s Cybercrime Control Centre, which contributed to disabling regionally hosted components of Lumma’s infrastructure.
Microsoft’s investigation uncovered that between March 16 and May 16 alone, over 394,000 Windows devices had been infected by the malware. The company worked alongside cybersecurity partners and authorities to cut off communication channels between infected systems and Lumma’s servers.
Lumma is designed to harvest a broad range of sensitive information, including login credentials, credit card data, bank account details, and cryptocurrency wallet access, posing a significant risk to individuals and institutions alike.
The Lumma takedown comes amid a broader surge in malicious software targeting cryptocurrency users. Crypto drainers—tools designed to empty digital wallets—are increasingly found on phishing sites, fake browser extensions, and counterfeit airdrop campaigns.
Earlier this week, Chinese printer manufacturer Procolored was accused of inadvertently distributing malware with its drivers that allegedly drained nearly $953,000 worth of cryptocurrency.
According to a recent AMLBot report, crypto drainers are now available as a service, enabling even low-skilled cybercriminals to rent them for as little as $100. Chainalysis previously reported that crypto fraud cost users around $51 billion in 2024 alone, driven by sophisticated networks of fraudsters, state-sponsored hackers, and AI-powered scams.
The FBI’s cyber division revealed that U.S. citizens lost $9.3 billion last year to crypto-related fraud, with seniors, especially those over 60, proving to be the most vulnerable demographic.
Between 2017 and 2023, North Korean hacking groups reportedly stole close to $3 billion in digital assets. According to crypto firm Paradigm, these state-backed actors have significantly evolved their tactics, making them among the most dangerous cybercriminals in the world today.
