
Microsoft Uncovers Password-Stealing Lumma Malware on 394,000 PCs

By Netvora Tech News


Microsoft has discovered password-stealing malware, known as Lumma, on 394,000 Windows computers, according to a recent report. The malware, which is designed specifically to steal login credentials, was detected by the tech giant over the past month.

Lumma Malware: The Details

Lumma, also known as Lumma Stealer, is an infostealer sold for a fee ranging from $250 to $1,000. The malware's source code is available for purchase for $20,000. According to Microsoft, hundreds of attackers are using the malware, which is spread through various methods, including malicious advertisements, fake browser updates on compromised websites, phishing, and more.

Malware Capabilities

Once installed, the Lumma malware can steal a wide range of data, including login credentials, autofill data from the browser, credit card information, cryptocurrency wallets, and documents. The malware can also take screenshots, install other malware, and remove itself from the system.

Microsoft's Response

Microsoft recently obtained a court order to block or seize 2,300 domain names that the malware uses. The tech giant has worked with Europol, CleanDNS, Cloudflare, ESET, and Lumen to take down the malware. The FBI and CISA, the US Cybersecurity and Infrastructure Security Agency, have also been involved in the operation.

Domain Seizure

Microsoft has seized 1,300 domain names, which now point to a sinkhole server controlled by the tech giant. Infected machines that contact these domains therefore connect to Microsoft's servers instead, enabling the company to track the location of affected systems and alert internet service providers to the issue.

Prevention Measures

The FBI and CISA recommend several measures to prevent infection by such malware, including:
  • Separating user and privileged accounts
  • Maintaining logs and monitoring for suspicious activity
  • Restricting remote access software
  • Collecting and analyzing logs
  • Revoking login credentials for departing employees
  • Implementing network segmentation

By taking these steps, users can reduce the risk of falling victim to password-stealing malware like Lumma.
