Microsoft's Digital Crimes Unit (DCU) has led a global operation to disrupt Lumma Stealer, a notorious malware variant that has infected over 394,000 Windows computers worldwide. The malware, known for stealing sensitive information such as passwords, credit cards, and cryptocurrency wallets, has been used in various cybercrime activities, including ransomware attacks and financial fraud.
How Lumma Stealer Works
Lumma Stealer is a Malware-as-a-Service (MaaS) model, marketed and sold through underground forums since 2022. Its primary goal is to monetize stolen information or conduct further exploitation for various purposes. The malware is easy to distribute, difficult to detect, and can be programmed to bypass certain security defenses, making it a popular tool among cybercriminals.
Operation Details
The operation involved ¹ ²:
Seizing Malicious Domains: Microsoft obtained a court order to seize over 2,300 malicious domains that formed the backbone of Lumma's infrastructure.
Collaboration with Law Enforcement: The US Department of Justice, Europol, and Japan's Cybercrime Control Center worked together to disrupt the malware's command structure and online marketplaces that sold Lumma.
Redirecting Traffic: Microsoft will redirect traffic from seized domains to its sinkholes, allowing the company to gather intelligence and help strengthen security.
Impact and Prevention
The disruption of Lumma Stealer's operations is expected to significantly impact cybercrime activities. To protect themselves, computer users should:
Use Multi-Factor Authentication: Enable MFA to add an extra layer of security to their accounts.
Keep Antivirus Software Up-to-Date: Regularly update antivirus software to detect and prevent malware infections.
Be Cautious with Email Links and Attachments: Avoid suspicious emails and attachments to prevent malware infections.

Tip the host https://link.space/@RoamingRamble
buy me a coffee https://www.buymeacoffee.com/jadiri79d
Amazon wishlist https://www.amazon.ca/hz/wishlist/ls/...