Microsoft Disrupts Lumma Stealer Malware | Cryptowisser News

Microsoft has successfully coordinated a comprehensive legal and technical operation to disrupt Lumma Stealer, a sophisticated malware campaign responsible for widespread cryptocurrency and financial data theft. The company announced on May 21 that a federal court in Georgia authorized its Digital Crimes Unit to seize or block nearly 2,300 websites connected to the malware's operational infrastructure.

Working in partnership with the U.S. Department of Justice, Europol's European Cybercrime Center, and Japan's Cybercrime Control Center, Microsoft helped dismantle the malware's command-and-control network along with underground marketplaces where cybercriminals purchased the software. This coordinated international effort represents one of the most significant takedowns of crypto-focused malware infrastructure to date.

Lumma Infected Nearly 400,000 Windows Devices

Since its launch in 2022, Lumma Stealer has undergone continuous upgrades and has been actively distributed through underground forums. The malware specializes in harvesting sensitive information including passwords, credit card numbers, banking credentials, and digital asset data from infected systems.

Microsoft's investigation revealed that between March 16 and May 16, more than 394,000 Windows devices were infected with Lumma Stealer. The company worked closely with law enforcement agencies and cybersecurity firms to sever communication channels between the malware and compromised machines, effectively neutralizing the threat network.

The takedown occurs against a backdrop of escalating cryptocurrency cybercrime. Recent incidents include printer manufacturer Procolored distributing Bitcoin-draining malware through official device drivers, resulting in nearly $1 million in stolen cryptocurrency. According to Chainalysis, $51 billion in crypto was stolen throughout 2024, with fraud cartels, state-backed hackers, and AI-assisted scams driving the surge.

Crypto Drainers Emerge as Profitable Criminal Services

The cybercriminal landscape has evolved to include specialized "crypto drainers"—malicious tools designed to empty digital wallets—which are now commonly deployed through phishing sites, fraudulent airdrops, and malicious browser extensions. AMLBot research indicates these drainers are increasingly offered as Software-as-a-Service (SaaS) tools, available to entry-level criminals for as little as $100.

The democratization of cybercrime has created online communities where experienced criminals provide tutorials, enabling novices to quickly develop sophisticated phishing and wallet-draining capabilities. Some criminal organizations have grown so confident that they reportedly advertise openly and establish booths at industry events.

According to Scam Sniffer, crypto drainer schemes resulted in $494 million in losses during 2024 alone—a 67% increase from the previous year. Cybersecurity firm Kaspersky documented the growth of darknet forums dedicated to drainer tools, which expanded from 55 in 2022 to 129 by 2024, demonstrating the rapidly expanding criminal ecosystem surrounding cryptocurrency theft.
