Microsoft announced a coordinated effort to hobble Lumma Stealer, a widely used piece of malware known for stealing personal information and enabling ransomware attacks.
The company on Wednesday said it took legal action to seize more than 2,300 malicious domains as part of a larger partnership with the U.S. Department of Justice, Europol, Japan’s Cybercrime Control Center, Cloudflare, and other tech industry players.
From March 16 to May 16 of this year, the malware infected 394,000 Windows computers worldwide, according to a Microsoft blog post by Steven Masada of the company’s Digital Crimes Unit. Lumma Stealer has been used to steal passwords, credit cards, and bank and crypto accounts, hold schools for ransom, and disrupt key services.
The crackdown followed an investigation by Microsoft's Digital Crimes Unit, which tracked how Lumma spread. Microsoft said it obtained a court order to seize the malicious domains and shut them down, cutting off the malware's command-and-control communication and redirecting that traffic to sinkhole servers it now controls.
In its complaint, filed under seal on May 13 in U.S. District Court in Georgia, Microsoft alleged that Lumma Stealer is “the most widely distributed data-stealing malware family in the world,” potentially linked to nation-state activity in addition to ransomware attacks and financial fraud.
Lumma Stealer does not exploit a specific vulnerability in Windows but relies on social engineering techniques to trick users into manually installing the malware.
The company described a criminal network of unidentified defendants who used phishing campaigns and fake error messages to trick victims into installing the malware, which then connected to command-and-control servers via a network of proxy and relay domains.
The company expects attackers to try to rebuild. Microsoft says it will keep working with law enforcement and tech partners to track new threats, improve security, and stop future attacks. The company says it’s also planning to use the seized domains to gather intelligence aimed at helping others strengthen their security.
Microsoft says computer users should protect themselves from malware like Lumma by turning on multi-factor authentication, keeping antivirus software up to date, and being careful with email links and attachments.