Microsoft and Europol Take Down Lumma Malware


During an international police operation supported by Microsoft, the Lumma malware has been neutralized. Lumma had been actively used for extortion for years.

In a blog post, Microsoft claims credit for taking down Lumma, a malware widely used for stealing passwords and credit card information. In collaboration with Europol, American and Japanese law enforcement agencies, and partners from the technology sector such as Eset and Cloudflare, a joint action was set up against Lumma. In the process, the command structures were disabled.

Microsoft’s Digital Crimes Unit received a mandate from the U.S. Department of Justice on May 13 to launch the action against Lumma. 2,300 malicious domains supporting the Lumma network were shut down. The United States took over the command structure, while European and Japanese law enforcement agencies assisted in blocking local infrastructure.

Global Impact

The Lumma malware has been circulating on underground forums since at least 2022. The program was used to steal passwords, banking information, and crypto wallets. Cybercriminals also use it for extortion, financial fraud, and attacks on critical sectors such as education, healthcare, telecommunications, and manufacturing.

The malware is difficult to detect and can bypass security measures. Lumma is distributed through phishing and “malvertising”, where hackers pose as trusted brands. In March 2025, Microsoft discovered a phishing campaign mimicking the online travel agency Booking.com and using Lumma for identity theft.

The main developer of Lumma, known by the alias “Shamel”, operates from Russia and offers various subscription models for using the malware. This allows cybercriminals to compile their own versions of Lumma and misuse it for criminal activities.

Collaboration as Key

This action is a prime example of what can be achieved when international governments, law enforcement agencies, and technology companies join forces to combat cybercrime. By disabling the infrastructure, it becomes more difficult and costly for criminals to carry out new attacks. As a cherry on top, successful actions also undermine the reputation and credibility of hackers in the cybercrime environment.

Microsoft emphasizes that the threat remains, as cybercriminals continue to adapt. Organizations and users are advised to take basic security measures such as multi-factor authentication, updating anti-malware software, and staying alert to suspicious emails.