Lumma Stealer Malware

  • 23 May 2025

On May 21, 2025, Microsoft announced a large-scale takedown of Lumma Stealer, a notorious piece of malware that infected over 394,000 Windows PCs between March 16 and May 16 this year.

Key Points

  • Lumma Stealer: A “Malware-as-a-Service” tool that targets web browsers like Chrome, Edge, and Firefox to steal data including passwords, crypto wallets, and banking info.
  • Distribution Tactics: Delivered via phishing emails and malvertising campaigns disguised as trusted brands like Microsoft and Booking.com.
  • Fake AI Tools: In late 2024, cybercriminals used fake video editing apps like EditPro laced with Lumma to compromise users.
  • Takedown Operation: Led by Microsoft’s Digital Crimes Unit, in coordination with the U.S. DOJ, Europol, and Japan’s JC3; over 2,300 malicious domains seized.
  • Global Impact: Lumma has links to ransomware, financial theft, and school security breaches—making it one of the most widely used info-stealing tools globally.
  • Marketplace Disruption: Authorities have also dismantled underground marketplaces selling Lumma, cutting off access to its infrastructure.