Lumma infostealer’s infrastructure seized during US, EU, Microsoft operation
therecord.media/lumma-inf…
Law enforcement agencies and cybersecurity firms coordinated a global takedown of the infrastructure of the Lumma malware — a powerful information-stealing tool used by cybercriminals to target dozens of industries.
Steven Masada, assistant general counsel at Microsoft’s Digital Crimes Unit, said in a blog post Wednesday that the malware, sometimes referred to as LummaC2, “steals passwords, credit cards, bank accounts, and cryptocurrency wallets and has enabled criminals to hold schools for ransom, empty bank accounts, and disrupt critical services.”
In a briefing with reporters on Wednesday, FBI officials said they have been investigating Lumma since September 2023 and have since found around 10 million infections. The FBI has tracked thousands of paying Lumma customers, with $250, $500 and $1,000 monthly subscription tiers available.
Microsoft said it identified more than 394,000 Windows computers infected with Lumma malware between March and May this year. The company worked with Europol, the U.S. and Japan on an operation disrupting Lumma’s technical infrastructure, effectively cutting off communications between the malicious tool and victims.