WASHINGTON – Microsoft has announced that 394,000 Windows computers worldwide have been infected with a dangerous malware known as Lumma Stealer.

In a joint operation with international law enforcement, including the United States Department of Justice (DOJ) and Europol, Microsoft managed to sever communication channels between the malware and its victims, and seized control of more than 1,300 domains used in this cybercrime network, according to CNBC on Wednesday (21/5).

Lumma is a malware-as-a-service (MaaS) offering of Russian origin, sold on dark web forums by a developer operating under the alias “Shamel”.

This malicious software is used by hackers to steal sensitive information such as passwords, banking data, credit card details, and cryptocurrency wallets.

In one of the latest incidents, in March 2025, Lumma was deployed in a phishing attack disguised as the online travel booking service Booking.com.

According to Microsoft’s report, the malware has targeted various critical sectors, including online gaming communities, education, manufacturing, logistics, healthcare, and finance.

Between 16 March and 16 May 2025, 394,000 Windows computers were infected, although the specific locations and types of users—individual or corporate—were not disclosed.

Microsoft, through its Digital Crimes Unit, successfully dismantled Lumma’s digital infrastructure with the aid of a federal court in Georgia, US, and support from tech companies such as Cloudflare, Bitsight, and Lumen.

In addition, Japan’s cybercrime command centre deactivated parts of Lumma’s infrastructure based in its jurisdiction.

As part of the mitigation efforts, 300 domains were redirected to Microsoft-controlled sinkholes—domains used to monitor and analyse malware activity.

The DOJ has also taken control of Lumma’s central command structure and shut down the underground marketplace where the malware was being sold.

According to reports from the World Economic Forum and cybersecurity firm Check Point, 2025 has seen a major spike in cybercrime activity, driven in part by advances in technology such as generative artificial intelligence, which has accelerated the evolution of phishing and social engineering tactics. (EF/ZH)