Law Enforcement Seize Domains Linked to Seed Phrase Stealing Malware LummaC2 - adtechsolutions




In brief

  • US and international authorities seized key infrastructure tied to the LummaC2 infostealer
  • The malware targets sensitive information such as cryptocurrency seed phrases
  • Lumma is linked to more than 1.7 million theft attempts and 394,000 active infections worldwide, according to Microsoft

Law enforcement agencies have seized key infrastructure associated with LummaC2, a malware operation that has targeted millions of victims around the world, including through the theft of cryptocurrency seed phrases, according to a US Department of Justice announcement on Wednesday.

The takedown was part of a coordinated international effort that included the DOJ, Europol, the Japan Cybercrime Control Center, Microsoft and private cybersecurity partners.

After the initial seizure of two websites on May 19, the Lumma administrators tried to set up three new domains, only to have those seized the next day.

Microsoft separately identified over 394,000 infected Windows systems globally between March and May 2025. Through a civil lawsuit filed earlier this month, Microsoft’s Digital Crimes Unit seized and disabled over 2,300 domains supporting the Lumma infrastructure.

“Malware such as LummaC2 is deployed to steal sensitive data such as user login credentials from millions of victims in order to facilitate a host of crimes, including fraudulent bank transfers and cryptocurrency theft,” said Matthew R. Galeotti, head of the Criminal Division, in a statement.

Malware on the decline

Malware is not as popular as it used to be.

According to CrowdStrike’s 2025 Global Threat Report, there has been a shift toward malware-free attacks over the last five years, as attackers have moved to stealthier methods such as phishing, social engineering, access broker services and trusted relationship abuse.

Last year, 79% of detected attacks were malware-free, compared to 40% in 2019.

However, this does not mean there is no demand for ready-made malware-as-a-service tools such as Lumma, which give relatively unskilled actors access to advanced capabilities.

The FBI has identified at least 1.7 million theft attempts using Lumma alone.

Crypto wallets are common targets. Earlier this month, researchers identified fake AI bots spreading malware aimed at cryptocurrency traders, while the Inferno Drainer stole more than $9 million from victims’ wallets in the last six months.

An evolving stealer

Launched around 2022, Lumma has evolved through multiple iterations and is controlled by a Russian developer known online as “Shamel”.

Operating openly on Telegram and Russian-language forums, Shamel markets Lumma in service tiers that let customers customize, distribute and monitor the stolen data.

One notable Lumma campaign involved fake emails impersonating Booking.com, used to steal login credentials and drain bank accounts.

The malware has also been linked to attacks on education systems, gaming communities and critical infrastructure sectors, including healthcare and logistics. Its stealth and flexibility made it a favored tool among prominent ransomware groups such as Octo Tempest.

Microsoft said it continues to monitor new Lumma variants, warning that the malware remains a potent threat even when its core infrastructure is taken down.

Edited by Sebastian Sinclair
