Edward Kiledjian's Threat Intel

Lumma Stealer Malware Returns After Takedown Attempt - SecurityWeek

The Lumma Stealer malware has re-emerged following a coordinated takedown by Microsoft and international law enforcement in May 2024, according to Trend Micro research. The original operation disrupted 2,300 malicious domains and seized the control panels of a malware family that had infected approximately 400,000 Windows systems worldwide. Within weeks, the operators had rebuilt their infrastructure, deploying hundreds of new command-and-control servers with notable tactical changes. The reconstructed version relies less on Cloudflare services and instead favours hosting providers in jurisdictions less cooperative with law enforcement, particularly Russia-based services. Distribution methods have also evolved and now include fake software repositories on GitHub, compromised websites that use social engineering lures, and social media platforms. The case demonstrates the resilience of cybercriminal operations and illustrates the cyclical challenge of sustaining disruption efforts against adaptable threat actors.