On Wednesday, Microsoft's (NASDAQ:MSFT) Digital Crimes Unit brought suit on May 13 against Lumma Stealer, an information-stealing malware used by hundreds of threat actors to siphon passwords, credit-card data, bank details and cryptocurrency wallets.
Between March 16 and May 16, Microsoft detected over 394,000 Windows PCs infected with Lumma Stealer, according to assistant general counsel Steven Masada in a company blog post. Leveraging a U.S. court order, the DCU seized or took down roughly 2,300 malicious domains forming Lumma's command-and-control backbone.
Simultaneously, the Department of Justice disrupted the malware's central servers and online marketplaces, while Europol's EC3 and Japan's JC3 suspended locally based infrastructure nodes, marking one of the most extensive multinational takedowns of an info-stealer to date.
The growth and resilience of Lumma Stealer highlights the broader evolution of cybercrime and underscores the need for layered defenses and industry collaboration to counter threats, Microsoft said in a separate post.
Analysts note this legal offensive follows earlier DCU actions against other high-profile info-stealers and could pressure peers such as CrowdStrike (NASDAQ:CRWD) and Palo Alto Networks (NASDAQ:PANW) to accelerate feature rollouts. Compared with a similar takedown of TrickBot in October 2024, which involved 1,100 domains and an estimated 150,000 infections, this operation more than doubles the scale of disruption.
Why It Matters: This aggressive move not only hampers Lumma's infrastructure but also underscores Microsoft's growing role as both defender and regulator, signaling to investors its commitment to bolstering enterprise-security offerings.
This article first appeared on GuruFocus.