Authorities carry out global takedown of infostealer used by cybercriminals
Summary
The Lumma infostealer malware, which is developed in Russia, has been a popular tool for cybercriminals since at least 2025, and has now been disrupted by a consortium of law enforcement and tech companies.
Lumma enables the theft of passwords, banking details and cryptocurrency wallets, facilitating criminal activity such as bank account draining, service disruption, and extortion attacks on schools.
Microsoft obtained a court order to seize the 2,300 domains that underpinned Lumma’s infrastructure, while the US Department of Justice took control of the malware’s command and control infrastructure, and Europol and Japan’s Cybercrime Control Centre disrupted regional infrastructure.
Lumma is distributed via targeted phishing attacks, often impersonating established companies, and is difficult to detect once inside a target organisation.
Its increasing popularity since 2025 means a successor will likely emerge, posing an ongoing threat to individuals and organisations globally.