Microsoft said on Wednesday, May 21, that its Digital Crimes Unit partnered with law enforcement and cybersecurity agencies to disrupt an information-stealing malware that infected hundreds of thousands of Windows computers in the last two months.
The unit filed a legal action against Lumma Stealer last week after it found 394,000 Windows computers globally infected with the malware between March 16 and May 16, Windows said in a statement on its blog, calling it a “favored” malware used by criminals to steal passwords, credit cards, bank accounts and cryptocurrency wallets.
“Typically, the goal of Lumma operators is to monetize stolen information or conduct further exploitation for various purposes,” Microsoft said. “Lumma is easy to distribute, difficult to detect, and can be programmed to bypass certain security defenses, making it a go-to tool for cybercriminals and online threat actors.”
The investigative unit helped in the “takedown, suspension, and blocking of malicious domains that formed the backbone of Lumma’s infrastructure,” after it was granted a court order by the U.S. District Court of the Northern District of Georgia, the blog said.
The U.S. Department of Justice assisted, Microsoft said, taking control of Lumma’s central command structure and disrupting the marketplaces where the tool was sold. Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center also aided in dismantling Lumma infrastructure, which has “severed communications between the malicious tool and victims,” according to the blog post.
The Department of Justice said on Wednesday it seized five internet domains used by malicious cyber actors to operate the Lumma malware service. The FBI’s Dallas Field Office is investigating the case, according to Reuters.
“The growth and resilience of Lumma Stealer highlight the broader evolution of cybercrime and underscores the need for layered defenses and industry collaboration to counter threats,” Microsoft said in a separate blog post on the malware.
Contributing: Reuters.
Kathryn Palmer is a national trending news reporter for USA TODAY. You can reach her at kapalmer@usatoday.com and on X @KathrynPlmr.
This article originally appeared on USA TODAY: Microsoft squashes malware infecting 394,000 Windows computers