Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Microsoft raises posse to target dangerous Lumma malware | Computer Weekly

By Computer Weekly by By Computer Weekly
May 22, 2025
Home Uncategorized
Share on FacebookShare on Twitter


A broad coalition of technology partners and law enforcement agencies, spearheaded by Microsoft’s Digital Crimes Unit (DCU), has disrupted the dangerous Lumma Stealer malware-as-a-service (MaaS) operation, which played a key role in the arsenals of multiple cyber criminal gangs, including ransomware crews.

Using a court order granted in the US District Court of the Northern District of Georgia earlier in May, the DCU and its posse seized and took down approximately 2,300 malicious domains that formed the core of the Lumma operation.

“Lumma steals passwords, credit cards, bank accounts and cryptocurrency wallets, and has enabled criminals to hold schools to ransom, empty bank accounts and disrupt critical services,” said DCU assistant general counsel, Steven Masada.

At the same time, the US Department of Justice (DoJ) seized the MaaS central command structure and targeted the underground marketplaces where access was sold, while elsewhere, Europol’s European Crime Centre (EC3) and Japan’s Cybercrime Control Centre (JC3) went after locally hosted infrastructure.

Europol EC3 head Edvardas Šileris, said: “This operation is a clear example of how public-private partnerships are transforming the fight against cyber crime. By combining Europol’s coordination capabilities with Microsoft’s technical insights, a vast criminal infrastructure has been disrupted. Cyber criminals thrive on fragmentation – but together, we are stronger.”

In a blog post detailing the takedown, Masada said that over a two-month period, Microsoft had identified more than 394,000 Windows computers that had been infected by Lumma. These machines have now been “freed”, with communications between Lumma and its victims severed.

This joint action is designed to slow the speed at which [threat] actors can launch their attacks, minimise the effectiveness of their campaigns, and hinder their illicit profits by cutting a major revenue stream
Steven Masada, Microsoft Digital Crimes Unit

At the same time, about 1,300 domains seized by or transferred to Microsoft – including 300 actioned by Europol – are now redirecting to Microsoft-operated sinkholes.

“This will allow Microsoft’s DCU to provide actionable intelligence to continue to harden the security of the company’s services and help protect online users,” said Masada. “These insights will also assist public- and private-sector partners as they continue to track, investigate and remediate this threat.

“This joint action is designed to slow the speed at which these actors can launch their attacks, minimise the effectiveness of their campaigns, and hinder their illicit profits by cutting a major revenue stream.”

Lumma chameleon

The Lumma Stealer MaaS first appeared on the underground scene about three years ago and has been under near-continuous development since then.

Based out of Russia, and run by a primary developer who goes by the handle “Shamel”, Lumma offers four tiers of service, starting from $250 (£186) and rising to an eye-popping $20,000, for which buyers receive access to Lumma’s style and panel source code, the source code for plugins, and the right to act as a reseller.

In conversation with a cyber researcher in 2023, Shamel claimed to have approximately 400 active users.

When deployed, the goal is typically to monetise stolen data or conduct further exploitation. Like a chameleon, it is difficult to spot and can slip by many security defences unseen. To lure its victims, Lumma spoofs trusted brands – including Microsoft – and spreads through phishing and malvertising.

As such, it has become something of a go-to tool for many, and is known to have been used by many of the world’s more notorious cyber crime collectives, including ransomware gangs. Its customers likely included, at one time, Scattered Spider, the group thought to be behind the ransomware attack on Marks & Spencer in the UK, although there is no public evidence to suggest it was used in this incident.

Blake Darché, head of Cloudforce One at Cloudflare, which provided key support during the takedown, said: “Lumma goes into your web browser and harvests every single piece of information on your computer that could be used to access either dollars or accounts – with the victim profile being everyone, anywhere, at any time.

“The threat actors behind the malware target hundreds of victims daily, grabbing anything they can get their hands on. This disruption worked to fully set back their operations by days, taking down a significant number of domain names and ultimately blocking their ability to make money by committing cyber crime.

“While this effort threw a sizeable wrench into the largest global infostealer’s infrastructure, like any threat actor, those behind Lumma will shift tactics and reemerge to bring their campaign back online,” said Darché.



Source link

By Computer Weekly

By Computer Weekly

Next Post
O-RAN Digital Twin Platform Co-Funded by O-RAN ALLIANCE Powers Research and Innovation in AI and Open RAN

O-RAN Digital Twin Platform Co-Funded by O-RAN ALLIANCE Powers Research and Innovation in AI and Open RAN

Recommended.

Un rapport d’IDC montre que Huawei occupe la première place sur le marché mondial des appareils portés au poignet au premier trimestre

Un rapport d’IDC montre que Huawei occupe la première place sur le marché mondial des appareils portés au poignet au premier trimestre

June 18, 2025
SAP To Buy Dremio And Prior Labs To ‘Lead’ Agentic And AI Models

SAP To Buy Dremio And Prior Labs To ‘Lead’ Agentic And AI Models

May 4, 2026

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Anaconda Extends AI-Native Application Development With Acquisition

Anaconda Extends AI-Native Application Development With Acquisition

May 1, 2026
AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

January 30, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio