Microsoft has launched a significant legal effort against the notorious Lumma Stealer malware, which has compromised nearly 400,000 Windows devices worldwide in just two months.
Through its Digital Crimes Unit (DCU), Microsoft filed a legal complaint in the U.S. District Court for the Northern District of Georgia, aiming to dismantle the malicious infrastructure behind the malware. Lumma Stealer is designed to extract sensitive information from web browsers, applications, and even cryptocurrency wallets. It can also serve as a gateway for additional malware installations.
As part of its crackdown, Microsoft worked to disrupt Lumma’s operations by coordinating the takedown, suspension, and blocking of domains critical to its infrastructure. This legal move comes alongside support from U.S. federal authorities.
The U.S. Department of Justice also announced the seizure of five domains linked to the LummaC2 malware-as-a-service platform. The investigation is being led by the FBI’s Dallas Field Office, highlighting the growing concern over malware networks that enable cybercriminals to easily deploy powerful digital threats.
Microsoft emphasized that Lumma’s rapid spread and durability underscore the need for robust cybersecurity measures and cross-industry cooperation. In a blog post, the company reiterated its commitment to tackling evolving cyber threats through both technical action and legal recourse.
As cybercrime becomes more complex and accessible, this case stands as a clear example of the importance of proactive defense and unified responses.
