Overview

• Microsoft, Europol, the U.S. Department of Justice, and global partners seized over 2,300 servers and URLs controlling Lumma Stealer malware.
• Lumma Stealer, active since 2022, infected over 394,000 systems worldwide in just two months, targeting credentials, financial data, and critical systems.
• The malware, sold as a subscription-based service, enabled criminals to launch attacks without technical expertise, with pricing tiers offering features like source code access.
• Authorities focused on dismantling the malware's command-and-control infrastructure, reflecting a shift in strategy to disrupt cybercriminal operations at scale.
• The main developer, operating under the alias 'Shamel' and believed to be based in Russia, remains free, raising concerns about potential rebuilds and ongoing threats from similar platforms.