Microsoft has taken legal steps against the creators of Lumma Stealer, a dangerous malware tool used to steal personal and financial information. In a blog post on May 21, the tech company said a federal court in Georgia granted permission to take down or block over 2,300 websites linked to the malware.
According to the tech company, Lumma Stealer is sold in underground hacker forums and allows cybercriminals to steal passwords, bank account logins, credit card numbers, and even crypto wallet data. Microsoft revealed that the malware has been in circulation since 2022 and has received several upgrades, making it harder to detect and easier to use.
Between March 16 and May 16 of this year, Microsoft said it found Lumma malware on over 394,000 infected Windows computers. The company worked with cybersecurity firms and law enforcement to block communications between the infected systems and the malware’s control servers. The U.S. Department of Justice also shut down websites and online marketplaces where Lumma was being sold.
The seized websites formed part of Lumma’s control network, which allows hackers to manage the malware and collect stolen data. Microsoft said its Digital Crimes Unit played a key role in the takedown operation. Local infrastructure used to spread Lumma in Europe and Japan was also suspended.
This crackdown comes as online threats targeting crypto users continue to grow. Crypto drainers, tools that empty digital wallets, are becoming more common and rampant by the minute. Reports say these tools are sold as services, with prices starting at just $100.

According to a February report from Chainalysis, cybercrime caused the loss of around $51 billion worth of crypto in 2024 alone. The FBI said Americans lost over $9.3 billion through crypto scams in 2024, with people over 60 being most at risk.