New Delhi, May 22: Microsoft Threat Intelligence has detected a continued rise in the use of Lumma Stealer, which is a type of infostealer malware that has been used by financially driven cybercriminals across different sectors. In response, Microsoft has worked alongside industry partners and international law enforcement agencies to disrupt the infrastructure supporting Lumma and the online platforms where the malware was being sold to other cybercriminals.

According to a blog post published on May 21, 2025, Microsoft’s Digital Crimes Unit (DCU) has filed a legal case against Lumma Stealer (“Lumma”), a widely used info-stealing malware linked to hundreds of cybercriminals. Microsoft found more than 3,94,000 Windows computers worldwide infected by Lumma malware between March 16 and May 16, 2025.

Microsoft Threat Intelligence Notes Growing Threat of Lumma Stealer Malware

What is Lumma Stealer?

Lumma Stealer, also referred to as LummaC2, is a Malware-as-a-Service (MaaS) platform capable of stealing data from web browsers, cryptocurrency wallets, and various other applications. It is also used to deploy additional malware. In a blog post Microsoft said, "Lumma Stealer exemplifies a shift toward multi-vector delivery strategies. Its operators demonstrate resourcefulness and proficiency in impersonation tactics."

The infrastructure used to spread Lumma Stealer is said to be flexible and adaptable. The operators behind it keep updating their methods by "rotating malicious domains, exploiting ad networks, and leveraging legitimate cloud services". This helps them avoid detection and keep their operations running smoothly.

Lumma Stealer Operating Techniques

Lumma Stealer is spread using several methods. One common tactic involves phishing emails that pretend to be from trusted companies. These emails include links or attachments that lead to fake websites or malicious servers, which then install the malware on the victim’s device. Cybercriminals also plant fake ads in search engine results, often for popular software like “Notepad++” or “Chrome update.” These ads redirect users to fake versions of real websites that secretly install Lumma Stealer.

Another method involves bundling the malware with cracked or pirated applications. These infected files are shared on file-sharing platforms and appear normal during installation, but the malware quietly runs in the background after the app is launched. Cybercriminals are reportedly misusing public platforms like "GitHub", where they upload harmful scripts and files disguised as legitimate tools or utilities. Another deceptive technique is the use of fake CAPTCHA pages, a tactic commonly observed in the "ClickFix" ecosystem.

(The above story first appeared on LatestLY on May 22, 2025 11:16 AM IST.)