Microsoft, DOJ take down Lumma Stealer malware sites

Microsoft, the Justice Department and other global partners have seized and taken down domains that distributed malware to cybercriminals and globally infected nearly 400,000 computers. File Photo by Ritchie B. Tongo/EPA-EFE

May 21 (UPI) — Microsoft, the Department of Justice and others have thwarted the use of the Lumma Stealer malware that globally has infected nearly 400,000 computers.

The tech giant’s Digital Crimes Unit seized and helped take down, suspend and block about 2,300 “malicious domains” that were the backbone of Lumma’s infrastructure, said Steven Masada, assistant general counsel for Microsoft’s DCU.

Microsoft on May 13 filed a federal lawsuit against Lumma Stealer in the U.S. District Court for Northern Georgia, itnews reported.

Microsoft says Lumma Stealer is a “malware as a service” that can steal data from browsers, cryptocurrency wallets and other applications by installing malware.

The tech firm from March 15 through Friday identified more than 394,000 Windows computers around the world that were infected with the Lumma malware.

The Department of Justice on Wednesday unsealed two warrants authorizing the seizure of five Internet domains used by cybercriminals to operate the Lumma malware service, which also is called “LummaC2.”

The Lumma malware “is deployed to steal sensitive information, such as user login credentials from millions of victims in order to facilitate a host of crimes,” said Matthew Galeotti, leader of the DOJ’s Criminal Division, in a news release.

Those crimes include fraudulent bank transfers and cryptocurrency theft, Galeotti said.

“The Justice Department is resolved to use court-ordered disruptions like this one to protect the public from the theft of their personal information and their assets,” he added.

The DOJ’s affidavit seeking the two seizure warrants accuses the administrators of LummaC2 of using the seized websites to distribute the malware to their affiliates and other cybercriminals.

Browser data, autofill information, login credentials for email and banking services, and the cryptocurrency seed phrases that unlock crypto wallets were common targets of the malware, according to the DOJ.

FBI investigators also identified at least 1.7 million instances in which the malware enabled cybercriminals to steal such information.

The DOJ on Monday seized two online domains used to distribute the malware, which caused the Lumma operators to direct users to three new domains on Tuesday.

The DOJ seized the three new domains on Wednesday.

Europol’s European Cybercrime Center and Japan’s Cybercrime Control Center enabled the takedown of Lumma infrastructure within their respective jurisdictions, Microsoft officials said.