In a significant operation, Europol’s European Cybercrime Center (EC3) has successfully disrupted Lumma Stealer, a notorious malware-as-a-service (MaaS) information stealer, in collaboration with Microsoft and other international partners. This operation highlights the EU’s commitment to combating cybercrime and protecting citizens’ digital security.
### The Operation
The joint operation, which involved law enforcement agencies and private sector firms, resulted in the seizure of approximately 2,300 domains that acted as the command-and-control (C2) backbone for the malware. The operation was carried out in May 2025, with Microsoft’s Digital Crimes Unit (DCU) filing a legal action against Lumma Stealer on May 13, 2025.
### Impact of the Disruption
The disruption of Lumma Stealer’s infrastructure is expected to have a significant impact on the cybercrime landscape. The malware had been used in at least 1.7 million instances to steal sensitive information, including login credentials, browser data and cryptocurrency seed phrases. The US Federal Bureau of Investigation (FBI) has attributed around 10 million infections to Lumma.
### Key Players Involved
– *Europol’s European Cybercrime Center (EC3)*:
Provided critical support and expertise in disrupting the malware operation.
– *Microsoft’s Digital Crimes Unit (DCU)*:
Filed a legal action against Lumma Stealer and seized approximately 2,300 malicious domains.
– *FBI*:
Attributed around 10 million infections to Lumma and provided support in the operation.
– *Other partners*:
ESET, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry contributed to the disruption effort.
### What is Lumma Stealer?
Lumma Stealer is a malware-as-a-service information stealer that targets Windows and macOS systems. It is designed to steal sensitive information, including:
– *Login credentials*: Stolen login credentials can be used for fraudulent activities.
– *Browser data*:
Browser history, cookies, and autofill information can be compromised.
– *Cryptocurrency seed phrases*:
Stolen seed phrases can lead to significant financial losses.
The malware is available on a subscription basis, with prices ranging from $250 to $1,000. The developer behind Lumma Stealer has been identified as a Russian individual known as “Shamel”.
