Microsoft and law enforcement have announced a court-authorized takedown of Lumma, a prolific info-stealer malware operation found on more than 394,000 Windows PCs globally, largely in Brazil, Europe, and the US.
The tech giant took civil action to ask a federal court to seize 2,300 domains that served as the malware’s network of command and control servers. The Justice Department also seized five domains used to operate the Lumma infrastructure.
The Lumma password stealer can be found in dodgy games or cracked apps downloaded from the web. Once a computer is infected, the malware steals logins, passwords, bank cards, and cryptocurrency wallets from it, which are sold to other cybercriminals. Lumma also serves as a backdoor for hackers who want to drop additional malware, like ransomware.
Password-stealing malware like Lumma has been linked to cyberattacks used to steal large quantities of information from tech firms, like PowerSchool and Snowflake.