Thursday, May 22

Key Takeaways:

  • Microsoft blocked nearly 2,300 websites linked to Lumma Stealer and helped dismantle its network.
  • Lumma has infected over 394,000 Windows devices and was used to steal passwords and crypto credentials.
  • The action comes amid rising crypto-related cybercrime, with $51 billion stolen globally in 2024 alone.

Microsoft has taken legal and technical action to disrupt Lumma Stealer, a notorious malware operation responsible for widespread information theft, including from crypto wallets.

In a May 21 blog post, the company revealed that a federal court in Georgia authorized its Digital Crimes Unit to seize or block nearly 2,300 websites linked to Lumma’s infrastructure.

Working alongside the U.S. Department of Justice, Europol’s European Cybercrime Center, and Japan’s Cybercrime Control Center, Microsoft said it helped dismantle the malware’s command-and-control network and marketplaces where the software was sold to cybercriminals.

Lumma Used to Harvest Passwords, Credentials

Launched in 2022 and continually upgraded, Lumma has been distributed through underground forums and used to harvest passwords, credit card numbers, bank credentials, and digital asset data.

Between March 16 and May 16, Microsoft said it identified more than 394,000 Windows devices infected with Lumma Stealer.

The company coordinated with law enforcement and cybersecurity firms to sever communication between the malware and infected machines.

The action comes amid a broader surge in malware and crypto-focused cybercrime.

Earlier this week, printer manufacturer Procolored was found to be distributing Bitcoin-draining malware bundled with official device drivers, leading to nearly $1 million in stolen crypto.

Chainalysis reported in February that $51 billion in crypto was stolen in 2024 alone, with fraud cartels, state-backed hackers, and AI-assisted scams leading the surge.

The FBI noted $9.3 billion in crypto scam losses in the U.S. last year, with older adults hit hardest.

Crypto Drainers Offered as SaaS Tools

Crypto drainers, malicious tools used to empty digital wallets, have become common on phishing sites, fake airdrops, and browser extensions.

According to AMLBot, these drainers are now offered as SaaS tools, available to low-level criminals for as little as $100.

Aspiring scammers can join online communities where experienced criminals offer tutorials, making it easy for phishing novices to become crypto drainer operators.

Some drainer-as-a-service (DaaS) groups have become so confident in their operations that they reportedly advertise openly, even setting up booths at industry events.

AMLBot’s investigators uncovered listings for malware targeting platforms like Hedera (HBAR), demonstrating how technical talent is actively sourced in niche online spaces.

The rise of drainers has led to significant financial losses. In 2024 alone, Scam Sniffer reported $494 million stolen through such schemes — a 67% increase from the previous year.

Cybersecurity firm Kaspersky also noted a sharp rise in darknet forums dedicated to drainer tools, growing from 55 in 2022 to 129 by 2024.

While Telegram once served as a haven for cybercriminals due to its strict privacy policies, concerns emerged after reports that the platform began sharing data with authorities.

This has driven many bad actors back to the Tor network, where anonymity is easier to maintain.

The post Microsoft Takes Legal Action Against Lumma Stealer Malware, Blocks Thousands of Sites appeared first on Cryptonews.


https://cryptonews.com/news/microsoft-takes-legal-action-against-lumma-stealer-malware-blocks-thousands-of-sites/
