According to TechFlow, on May 22, law enforcement agencies successfully seized the critical infrastructure of LummaC2, malware targeting millions of users that steals mnemonics from cryptocurrency wallets. The operation was jointly carried out by the U.S. Department of Justice, Europol, Japan Cyber Crime Control Center, and Microsoft.

According to Microsoft data, more than 394,000 Windows systems were found to be infected with the malware from March to May 2025. Microsoft seized and disabled more than 2,300 domain names supporting LummaC2 operations through civil lawsuits. The FBI confirmed that at least 1.7 million theft attempts occurred through LummaC2.

The malware was launched in 2022 by a Russian developer going by the online name "Shamel" and was primarily marketed through Telegram and Russian-language forums, offering tiered service packages that allow buyers to customize, distribute, and track stolen data.