A worldwide crackdown on cybercrime has been launched in close coordination between Microsoft, the FBI, Europol and many of the world’s leading cybersecurity organizations. The campaign has dealt a severe blow to the distribution network of the Lumma infostealer, a dangerous piece of malware that has silently stolen data from hundreds of thousands of computers around the world over an extended period. The disruption of Lumma is seen as an important step forward in efforts to protect users and the digital ecosystem from increasingly sophisticated cyberattacks.

Lumma, also known as LummaC2, is malware that operates under the “malware-as-a-service” model. Instead of developing their own attack tools, cybercriminals pay a fee of between $250 and $1,000 to rent Lumma and can immediately use its complete suite of data-stealing tools. The malware collects a wide range of sensitive information, including usernames, passwords, credit card data, browser cookies, browsing history and even cryptocurrency wallet data. Thanks to this as-a-service approach, Lumma quickly became popular among cybercriminals, including actors with no technical expertise of their own.
Lumma is distributed in many subtle and hard-to-detect ways. Phishing emails, malicious advertising, cracked software, key generators and fake CAPTCHA prompts are used to lure users into installing the malware themselves. In no small number of cases, the victim does not realize that their device has been compromised until personal data has been stolen or an account has been taken over.
According to security reports, a wave of Lumma-related attacks ran from mid-March to mid-May 2025. During this period, over 394,000 Windows devices in more than 40 countries were infected. Economic losses were estimated in the tens of millions of US dollars, mostly from the theft and resale of credit card data on underground markets. Large amounts of stolen data have appeared on platforms such as Telegram, where cybercriminals exchange information quickly and are difficult to police.
As part of the crackdown, authorities took control of around 2,300 malicious domains, severing the command-and-control (C2) channel between the operators and infected devices. This is seen as the key factor in crippling much of Lumma’s coordination infrastructure in the short term.
However, cybersecurity experts warn that the threat from Lumma has not been completely eliminated. Some of the servers, especially in Russia, which is believed to be the main coordination center of the operation, are still active, and the groups behind Lumma quickly set about rebuilding infrastructure so they could keep offering the service. According to several security companies, Lumma remains one of the most popular tools among cybercriminals, including the notorious Scattered Spider group, which has launched attacks on major corporations in the United States and Europe.
Another worrying problem is that, although the control infrastructure may be shut down, the Lumma implant may still be present on a user’s device if it is not detected and thoroughly removed. A seized domain stops the operators from reaching the malware, but it does not uninstall it: the implant keeps running and will reconnect as soon as the operators stand up new infrastructure. This means the risk of personal data leakage remains, especially for personal or corporate systems that are not fully protected.
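One practical way for a defender to find those lingering implants is to look for hosts that are still resolving the seized C2 domains: after a takedown the domains typically point at a sinkhole, so a machine that keeps querying them is still running the malware and needs cleanup, not just network blocking. The following is an added example, not code from the article or from any of the organizations it names. The domain names, sinkhole address, resolver log lines and takedown timestamp are all constructed for illustration and are not real Lumma indicators; the log format (`timestamp client IP query NAME answer IP`) is likewise an assumed one.

```python
"""Triage DNS resolver logs against a list of seized C2 domains.

Added example; all indicators and log lines below are constructed.
"""
from __future__ import annotations

import re
from datetime import datetime

# Hypothetical seized domains (reserved .example TLD, not real indicators).
SEIZED_C2_DOMAINS = {
    "panel-update.example",
    "cdn-static-cache.example",
}

# Hypothetical sinkhole address (TEST-NET-3, reserved for documentation).
SINKHOLE_IPS = {"203.0.113.10"}

# Constructed resolver log, one query per line. Includes a subdomain of a
# seized domain, an upper-case name with a trailing dot, a look-alike
# ("notpanel-update.example") that must NOT match, and a garbage line.
SAMPLE_DNS_LOG = """\
2025-05-22T09:12:01Z client 10.0.0.21 query api.panel-update.example answer 203.0.113.10
2025-05-22T09:12:05Z client 10.0.0.21 query www.microsoft.com answer 20.70.246.20
2025-05-22T09:13:40Z client 10.0.0.42 query PANEL-UPDATE.EXAMPLE. answer 203.0.113.10
2025-05-22T09:14:02Z client 10.0.0.42 query cdn-static-cache.example answer 203.0.113.10
2025-05-22T09:15:13Z client 10.0.0.77 query example.com answer 93.184.216.34
2025-05-22T09:16:00Z client 10.0.0.21 query api.panel-update.example answer 203.0.113.10
this line is garbage and should be skipped
2025-05-22T09:17:30Z client 10.0.0.99 query notpanel-update.example answer 198.51.100.7
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>\d{1,3}(?:\.\d{1,3}){3}) "
    r"query (?P<qname>\S+) answer (?P<answer>\S+)$"
)


def parse_ts(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp; accept a trailing 'Z' on older Pythons."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def normalize_name(name: str) -> str:
    """Lower-case and drop the trailing dot so FQDN spellings compare equal."""
    return name.rstrip(".").lower()


def matching_c2(qname: str) -> str | None:
    """Return the seized domain that qname is, or is a subdomain of.

    Matching on label boundaries ('.' + domain) avoids the substring trap
    where notpanel-update.example would wrongly match panel-update.example.
    """
    q = normalize_name(qname)
    for domain in SEIZED_C2_DOMAINS:
        if q == domain or q.endswith("." + domain):
            return domain
    return None


def parse_line(line: str) -> dict | None:
    """Parse one resolver log line; return None for lines that do not fit."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = parse_ts(rec["ts"])
    return rec


def triage(log_text: str) -> dict[str, dict]:
    """Map each client that looked up a seized domain to a summary of its hits."""
    findings: dict[str, dict] = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hit = matching_c2(rec["qname"])
        if hit is None:
            continue
        f = findings.setdefault(
            rec["client"],
            {"domains": set(), "hits": 0, "last_seen": None, "sinkholed": False},
        )
        f["domains"].add(hit)
        f["hits"] += 1
        if f["last_seen"] is None or rec["ts"] > f["last_seen"]:
            f["last_seen"] = rec["ts"]
        if rec["answer"] in SINKHOLE_IPS:
            f["sinkholed"] = True  # answer came from the sinkhole, not the operators
    return findings


def hosts_to_remediate(log_text: str, takedown_time: str) -> list[str]:
    """Clients whose latest C2 lookup is at or after the takedown time.

    Lookups before the takedown show a past infection; lookups after it show
    the implant is still running even though the domain is now sinkholed.
    """
    cutoff = parse_ts(takedown_time)
    return sorted(
        ip for ip, f in triage(log_text).items() if f["last_seen"] >= cutoff
    )


if __name__ == "__main__":
    for ip, f in triage(SAMPLE_DNS_LOG).items():
        print(ip, f["hits"], sorted(f["domains"]), f["last_seen"].isoformat(), f["sinkholed"])
    print("remediate:", hosts_to_remediate(SAMPLE_DNS_LOG, "2025-05-22T09:15:00Z"))
```

The important design choice is the boundary-aware match in `matching_c2`: a naive `domain in qname` test would flag the look-alike host and, worse, miss nothing while drowning analysts in false positives on busy resolvers. Feeding the output of `hosts_to_remediate` into an endpoint cleanup and credential-reset queue is the follow-up the article’s warning calls for.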
To minimize risk, experts recommend that users regularly update their operating systems and software to fix security vulnerabilities. Being wary of unfamiliar emails, avoiding downloads of unknown origin, and not clicking suspicious links are basic but effective ways to avoid infection. In addition, security software that detects unusual behavior, provides real-time protection and monitors the clipboard helps strengthen the defensive layer. Enabling two-factor authentication (2FA) on key accounts also plays a key role in limiting the damage when login credentials are exposed, though it is not a cure-all: the session cookies Lumma steals can let an attacker bypass a login prompt entirely, so exposed sessions should be revoked as well as passwords changed. Finally, for businesses, security awareness training for employees is indispensable, because human error remains the biggest weakness that malware like Lumma seeks to exploit.