Wednesday, 04 Jun 2025

Microsoft takes down malware found on 394,000 Windows PCs

Microsoft's takedown of Lumma Stealer marks a significant victory against infostealer malware, safeguarding millions of devices from data theft and breaches.


I have been reporting on this malware since last year, and security researchers have called it one of the most dangerous infostealers, infecting millions. There have been countless incidents of Lumma targeting people's personal data (more on this later), but the good news is that Microsoft has taken it down.

The Redmond-based company announced it has dismantled the Lumma Stealer malware operation with the help of law enforcement agencies around the world.

Lumma was a go-to tool for cybercriminals, often used to siphon sensitive information like login credentials, credit card numbers, bank account details and cryptocurrency wallet data. The malware's reach and impact made it a favored choice among threat actors for financial theft and data breaches.

To disrupt the malware's operation, Microsoft obtained a court order from the U.S. District Court for the Northern District of Georgia, which allowed the company to take down key domains that supported Lumma's infrastructure. This was followed by the U.S. Department of Justice stepping in to seize control of Lumma's core command system and shut down marketplaces where the malware was being sold.

Microsoft says this takedown effort also included support from industry partners such as Cloudflare, Bitsight and Lumen, which helped dismantle the broader ecosystem that enabled Lumma to thrive.

To protect yourself from the evolving threat of infostealer malware, which continues to target users through sophisticated social engineering tactics, consider taking these six essential security measures:

1. Be skeptical of CAPTCHA prompts: Legitimate CAPTCHA tests never require you to press Windows + R, copy commands or paste anything into PowerShell. If a website instructs you to do this, it's likely a scam. Close the page immediately and avoid interacting with it.

2. Don't click links from unverified emails and use strong antivirus software: Many infostealer attacks start with phishing emails that impersonate trusted services. Always verify the sender before clicking on links. If an email seems urgent or unexpected, go directly to the company's official website instead of clicking any links inside the email.

Copyright 2025 CyberGuy.com.  All rights reserved.  
