Microsoft Cracks Down on Lumma Infostealer

In a bold move to combat cybercrime, Microsoft has announced a significant legal victory against the notorious Lumma Stealer malware. In a blog post published on May 21, the tech behemoth revealed that a U.S. federal court in Georgia had authorized it to disable nearly 2,300 websites essential to the malware’s operations. This legal milestone marks a major escalation in Microsoft’s ongoing battle against digital threats targeting users’ personal and financial data.

The court’s decision has empowered Microsoft’s Digital Crimes Unit (DCU) to not only block but also dismantle web infrastructure tied to Lumma Stealer — a malware strain known for harvesting sensitive information like passwords, banking credentials, credit card details, and even crypto wallet data. Working in concert with law enforcement agencies across the U.S., Europe, and Asia, Microsoft has taken strategic aim at the malware’s ecosystem and marketplaces where it’s peddled to cybercriminals.

According to Microsoft, Lumma has been circulating in underground hacker forums since 2022. Since its emergence, it has seen several upgrades, making it more effective and harder to detect. Its developers have essentially treated the tool like a commercial product, updating it regularly to maintain its viability on the dark web. Microsoft’s findings show that between March 16 and May 16 alone, over 394,000 Windows machines were infected with Lumma. As a result, the company coordinated with cybersecurity firms and law enforcement agencies to cut off communication between infected systems and Lumma’s command-and-control servers.

The scale of this operation underscores just how prevalent and dangerous information-stealing malware has become. Lumma is far from an isolated threat. It’s part of a growing arsenal of cyber tools used by bad actors to siphon off digital assets and personal information from unsuspecting victims.

The coordinated effort also saw international players step in. Europol’s European Cybercrime Centre and Japan’s Cybercrime Control Center contributed by suspending parts of Lumma’s infrastructure hosted in their jurisdictions, demonstrating the global nature of modern cyber threats — and the necessity of global cooperation in fighting them.

The crackdown comes amid a broader surge in malicious activity involving crypto drainers — software specifically engineered to empty crypto wallets. These tools are often distributed through phishing websites, deceptive browser extensions, bogus token airdrops, and other shady schemes. Alarmingly, even hardware and software providers have been caught up in this trend. Just this week, Chinese electronics manufacturer Procolored was accused of shipping Bitcoin-draining malware bundled with its printer drivers, costing users an estimated $953,000 in crypto.

This fits a wider pattern of crypto-related cybercrime. A recent AMLBot report highlighted the rise of crypto drainers being sold as a “service,” making it easier than ever for amateurs to get involved in digital theft. These so-called “drainers-as-a-service” platforms are available for as little as $100, dramatically lowering the barrier to entry for cybercrime.

Adding to the troubling statistics, blockchain analytics firm Chainalysis reported earlier this year that nearly $51 billion in crypto was lost to fraud and scams in 2024 alone. The threat landscape now includes professional crime syndicates, state-sponsored hacking operations, and even scams powered by artificial intelligence. The FBI also weighed in, estimating that Americans lost around $9.3 billion through crypto scams in 2024, with seniors being the most heavily targeted demographic.

North Korea remains a persistent cyber threat as well. According to research by crypto investment firm Paradigm, hackers affiliated with the regime have stolen close to $3 billion in cryptocurrencies from 2017 to 2023. These attacks are becoming more refined, indicating increasing state-level investment in cybercrime capabilities.

Microsoft’s action against Lumma Stealer may not be the final word in the fight against cybercrime, but it’s a powerful reminder that tech companies, governments, and international bodies can make serious inroads when they join forces. As digital threats continue to evolve, so too must our responses — swift, collaborative, and relentlessly vigilant.