
Microsoft "disrupts" major Hacking Software Infecting 394,000 Windows Computers

Melensdad

Jerk in a Hawaiian Shirt & SNOWCAT Moderator
Staff member
I'm an Apple guy, so I don't much worry about Windows, but this seems like a massive win. Nearly 400,000 computers worldwide have been identified as being infected with this malware. The malware shares your personal data. I run a program weekly to scan for malware, viruses, bloat, etc. I think if I had a Windows system I'd be running it daily. But if you don't do something, someone is going to get your data.




FULL STORY AT LINK ^^^

Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool

May 21, 2025
Microsoft’s Digital Crimes Unit (DCU) and international partners are disrupting the leading tool used to indiscriminately steal sensitive personal and organizational information to facilitate cybercrime. On Tuesday, May 13, Microsoft’s DCU filed a legal action against Lumma Stealer (“Lumma”), which is the favored info-stealing malware used by hundreds of cyber threat actors. Lumma steals passwords, credit cards, bank accounts, and cryptocurrency wallets and has enabled criminals to hold schools for ransom, empty bank accounts, and disrupt critical services.
Via a court order granted in the United States District Court of the Northern District of Georgia, Microsoft’s DCU seized and facilitated the takedown, suspension, and blocking of approximately 2,300 malicious domains that formed the backbone of Lumma’s infrastructure. The Department of Justice (DOJ) simultaneously seized the central command structure for Lumma and disrupted the marketplaces where the tool was sold to other cybercriminals. Europol’s European Cybercrime Center (EC3) and Japan’s Cybercrime Control Center (JC3) facilitated the suspension of locally based Lumma infrastructure.
Between March 16, 2025, and May 16, 2025, Microsoft identified over 394,000 Windows computers globally infected by the Lumma malware. Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims. Moreover, more than 1,300 domains seized by or transferred to Microsoft, including 300 domains actioned by law enforcement with the support of Europol, will be redirected to Microsoft sinkholes. This will allow Microsoft’s DCU to provide actionable intelligence to continue to harden the security of the company’s services and help protect online users. These insights will also assist public- and private-sector partners as they continue to track, investigate, and remediate this threat. This joint action is designed to slow the speed at which these actors can launch their attacks, minimize the effectiveness of their campaigns, and hinder their illicit profits by cutting a major revenue stream.
[Figure: Heat map detailing global spread of Lumma Stealer malware infections and encounters across Windows devices.]
[Figure: Splash page displayed on 900+ domains seized by Microsoft: a seizure notice stating that the domain has been seized by Microsoft in collaboration with Europol EC3, Orrick, BitSight, Cloudflare, Lumen, ESET, and CleanDNS.]

What is Lumma?

Lumma is a Malware-as-a-Service (MaaS), marketed and sold through underground forums since at least 2022. Over the years, the developers released multiple versions to continually improve its capabilities. Microsoft Threat Intelligence shares more details around the delivery techniques and capabilities of Lumma in a recent blog.
Typically, the goal of Lumma operators is to monetize stolen information or conduct further exploitation for various purposes. Lumma is easy to distribute, difficult to detect, and can be programmed to bypass certain security defenses, making it a go-to tool for cybercriminals and online threat actors, including prolific ransomware actors such as Octo Tempest (Scattered Spider). The malware impersonates trusted brands, including Microsoft, and is deployed via spear-phishing emails and malvertising, among other vectors.
 
The Justice Department apparently is involved in taking over the "marketplace" where your data/credit cards, etc. are sold.




  • Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe.
  • Hackers used the malware to steal passwords, credit cards, bank accounts and cryptocurrency wallets.
  • The U.S. Department of Justice took control of Lumma’s “central command structure” and squashed the online marketplaces where bad actors purchased the malware.
Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe.

The tech giant said in a blog post that its digital crimes unit discovered over 394,000 Windows computers were infected by the Lumma malware worldwide between March 16 through May 16.

The Lumma malware was a favorite hacking tool used by bad actors, Microsoft said in the post. Hackers used the malware to steal passwords, credit cards, bank accounts and cryptocurrency wallets.
Microsoft said its digital crimes unit was able to dismantle the web domains underpinning Lumma’s infrastructure with the help of a court order from the U.S. District Court for the Northern District of Georgia.
The U.S. Department of Justice then took control of Lumma’s “central command structure” and squashed the online marketplaces where bad actors purchased the malware.

STORY CONTINUES at the CNBC link above ^^^
 
Speaking of 'hacking' ... this guy sent me an email wanting $1360.
Things must be getting tough in Moscow these days, huh?


"What's up with your taste? What's with that awful interior design? But don't worry, it's easy to fix, and besides, you seem like a kind and good person based on your correspondence. Everything's fine except for one thing.

Be sure to read this letter. It is very important for you. The text had to be made difficult to read in order to send you this text.

Something important has happened that I would like to tell you about. I gained control to your devices through certain websites that you visited. These sites allowed me to infiltrate your system. One of them contained a special code that I used, and it worked perfectly. Now I can see everything that happens on your screen and even around it.

I have saved copies of your most interesting files and have the contacts you interact with most often. I also have access to your entire browsing history. At first, I thought about deleting everything I found on your devices and moving on. But after looking at the websites you regularly visit, I changed my mind. I'm referring to websites with questionable content.

Then I had an idea. While I was on your home network, I installed a backdoor on your phone so I could use your phone's camera. You jerk off a lot. Without going into the dirty details, I ended up recording a movie starring you (your photo is used as the cover for video). I'm sure this movie will impress all your contacts ^_^.

As of today, the backdoor has been removed from all your devices (I only left a beacon to let me know you read this email, but now it has self-destructed), but all the information collected and videos recorded are stored in cloud services on the internet.

In short, since you're in a shitty situation and I need BTC, I'm offering you a deal. You send me bitcoins, I'll delete all data about you, and we can both forget this ever happened. I'm asking for 1360 US dollars in BTC. Wallet to which the money should be sent:
hzcdu77yjcja80jw

At that moment the countdown began and you have 36 hours.

Everything is ready for publication, and all I have to do is press the button. Or not press it. The decision is up to you."
 