A massive password-stealing malware hit nearly 400,000 Windows PCs, but Microsoft saved the day



Summary

  • Microsoft takes down Lumma malware after it hit nearly 400,000 Windows PCs globally.
  • Lumma was dangerous enough that it allowed criminals to hold educational institutions ransom and wipe out bank accounts.
  • Microsoft's DCU also filed legal action to block malicious domains and the central command structure for Lumma.

In just two months, an information-stealing malware called Lumma hit nearly 400,000 Windows PCs globally and stole passwords, credit cards, bank accounts, and cryptocurrency wallets. The malware was dangerous enough that it allowed criminals to hold educational institutions ransom and wipe out bank accounts.

While that might not sound like an exceptionally high number given how many Windows users there are worldwide, it’s almost equivalent to the entire population of Tampa, Florida. Thankfully, Microsoft stepped in before it could affect any more PCs.


Microsoft takes down Lumma Stealer malware

Today, Microsoft announced via a blog post that, working together with law enforcement and industry partners, they managed to take down the Lumma malware. The Malware-as-a-Service, also called LummaC2, was developed by Storm-2477 and hit 394,000 Windows PCs between March 16, 2025, and May 16, 2025.


Lumma has been marketed and sold through "underground forums" since at least 2022, and its goal is typically to profit off stolen information or conduct further exploitation. The worst part is that the malware is easy to distribute and difficult to detect, which is one of the worst combinations there can be for malware that’s already dangerous. It can also be programmed to bypass certain security defenses. Microsoft's Digital Crimes Unit (DCU) filed legal action against the malware on May 13.

In their complaint, Microsoft claimed that Lumma is "the most widely distributed data-stealing malware family in the world." A court order from the U.S. District Court for the Northern District of Georgia allowed Microsoft's DCU to take down and block around 2,300 malicious domains that formed the backbone of Lumma's infrastructure. They also seized the central command structure for Lumma and managed to dismantle the online marketplaces where the malware was primarily sold.
