Infostealer malware has been on the rise recently, and that’s evident from the billions of user records leaked online in the past year alone. This type of malware targets everything from your name, phone number and address to financial details and cryptocurrency. Leading the charge is the Lumma infostealer.
I have been reporting on this malware since last year, and security researchers have called it one of the most dangerous infostealers, infecting millions. There have been countless incidents of Lumma targeting people’s personal data (more on this later), but the good news is that Microsoft has taken it down.
The Redmond-based company announced it has dismantled the Lumma Stealer malware operation with the help of law enforcement agencies around the world.
Join The FREE CyberGuy Report: Get my expert tech tips, critical security alerts, and exclusive deals – plus instant access to my free Ultimate Scam Survival Guide when you sign up!
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
What you need to know
Microsoft confirmed that it has successfully taken down the Lumma Stealer malware network in collaboration with law enforcement agencies around the world. In a blog post, the company revealed that its Digital Crimes Unit had tracked infections on more than 394,000 Windows devices globally between March 16 and May 16.
Lumma was a go-to tool for cybercriminals, often used to siphon sensitive information like login credentials, credit card numbers, bank account details and cryptocurrency wallet data. The malware’s reach and impact made it a favored choice among threat actors for financial theft and data breaches.
MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINS
To disrupt the malware’s operation, Microsoft obtained a court order from the U.S. District Court for the Northern District of Georgia, which allowed the company to take down key domains that supported Lumma’s infrastructure. This was followed by the U.S. Department of Justice stepping in to seize control of Lumma’s core command system and shut down marketplaces where the malware was being sold.
International cooperation played a major role as well. Japan’s cybercrime unit helped dismantle Lumma’s locally hosted infrastructure, while Europol assisted in actions against hundreds of domains used in the operation. In total, over 1,300 domains were seized or redirected to Microsoft-managed sinkholes to prevent further damage.
Microsoft says this takedown effort also included support from industry partners such as Cloudflare, Bitsight and Lumen, which helped dismantle the broader ecosystem that enabled Lumma to thrive.
HP laptop (Kurt “CyberGuy” Knutsson)
NEW MALWARE EXPLOITS FAKE UPDATES TO STEAL DATA
More about the Lumma infostealer
Lumma is a Malware-as-a-Service (MaaS) that has been marketed and sold through underground forums since at least 2022. Over the years, its developers have released multiple versions to continually improve its capabilities. I first reported on Lumma in February 2024, when it was used by hackers to access Google accounts using expired cookies that contained login information.
Lumma continued targeting users, with reports in October 2024 revealing it was impersonating fake human verification pages to trick Windows users into sharing sensitive information. The malware wasn’t limited to Windows. In January 2024, security researchers found the infostealer malware was targeting 100 million Mac users, stealing browser credentials, cryptocurrency wallets and other personal data.
Windows laptop (Kurt “CyberGuy” Knutsson)
HOW TO REMOVE MALWARE ON A PC (2025)
6 ways you can protect yourself from infostealer malware
To protect yourself from the evolving threat of infostealer malware, which continues to target users through sophisticated social engineering tactics, consider taking these six essential security measures:
1. Be skeptical of CAPTCHA prompts: Legitimate CAPTCHA tests never require you to press Windows + R, copy commands or paste anything into PowerShell. If a website instructs you to do this, it’s likely a scam. Close the page immediately and avoid interacting with it.
2. Don’t click links from unverified emails and use strong antivirus software: Many infostealer attacks start with phishing emails that impersonate trusted services. Always verify the sender before clicking on links. If an email seems urgent or unexpected, go directly to the company’s official website instead of clicking any links inside the email.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
3. Enable two-factor authentication: Enable two-factor authentication (2FA) whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
4. Keep devices updated: Regularly updating your operating system, browser and security software ensures you have the latest patches against known vulnerabilities. Cybercriminals exploit outdated systems, so enabling automatic updates is a simple but effective way to stay protected.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
5. Monitor your accounts for suspicious activity and change your passwords: If you’ve interacted with a suspicious website, phishing email or fake login page, check your online accounts for any unusual activity. Look for unexpected login attempts, unauthorized password resets or financial transactions that you don’t recognize. If anything seems off, change your passwords immediately and report the activity to the relevant service provider. Also, consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed Password Managers of 2025 here.
6. Invest in a personal data removal service: Consider using a service that monitors your personal information and alerts you to potential breaches or unauthorized use of your data. These services can provide early warning signs of identity theft or other malicious activities resulting from infostealer malware or similar attacks. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.
Get a free scan to find out if your personal information is already out on the web.
MALWARE STEALS BANK CARDS AND PASSWORDS FROM MILLIONS OF DEVICES
Kurt’s key takeaway
Microsoft’s takedown of the Lumma Stealer malware network is a major win in the fight against infostealers, which have fueled a surge in data breaches over the past year. Lumma had become a go-to tool for cybercriminals, targeting everything from browser credentials to crypto wallets across Windows and Mac systems. I’ve been tracking this malware since early 2024, and its ability to impersonate human verification pages and abuse expired cookies made it especially dangerous.
CLICK HERE TO GET THE FOX NEWS APP
Do you feel tech companies are doing enough to protect users from malware like this? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
