Particle.news


Global Taskforce Dismantles Lumma Stealer Malware Network

An international operation led by Microsoft and law enforcement agencies has disabled the infrastructure of the world's largest credential-stealing malware, but its developer remains at large.

Image: Microsoft

Overview

  • Microsoft, Europol, the U.S. Department of Justice, and global partners seized over 2,300 servers and URLs controlling Lumma Stealer malware.
  • Lumma Stealer, active since 2022, infected over 394,000 systems worldwide in just two months, targeting credentials, financial data, and critical systems.
  • The malware, sold as a subscription-based service, enabled criminals to launch attacks without technical expertise, with pricing tiers offering features like source code access.
  • Authorities focused on dismantling the malware's command-and-control infrastructure, reflecting a shift in strategy to disrupt cybercriminal operations at scale.
  • The main developer, operating under the alias 'Shamel' and believed to be based in Russia, remains free, raising concerns about potential rebuilds and ongoing threats from similar platforms.