In a coordinated action, Microsoft announced that it has seized or blocked nearly 2,300 malicious domains linked to Lumma Stealer, one of the most widespread information-stealing malware families of recent years.
The operation, made possible by a court order from a federal court in Georgia, is a significant blow against the digital infrastructure used to steal sensitive data and cryptocurrencies.
It was carried out by Microsoft's Digital Crimes Unit (DCU) together with the United States Department of Justice, Europol, and the Japan Cybercrime Control Center (JC3).
The objective: dismantle the malware's command-and-control (C2) network and the underground marketplaces where it was sold to cybercriminals.
Lumma Stealer: a malware in continuous evolution and Microsoft’s actions
First observed in 2022, Lumma Stealer quickly evolved into a sophisticated tool for stealing passwords, credit card numbers, banking credentials, and cryptocurrency wallet data.
Sold through underground forums, the malware has been used by a global network of cybercriminals to compromise devices and exfiltrate sensitive information.
According to Microsoft, between March 16 and May 16, 2025, over 394,000 Windows devices worldwide were identified as infected with Lumma.
The company worked closely with law enforcement and cybersecurity firms to sever communications between infected devices and the malware's control servers, seizing the C2 domains and redirecting them to Microsoft-controlled sinkholes so that the infected machines' callbacks reach defenders rather than the operators.
The action against Lumma Stealer comes at a time when cryptocurrency-related cybercrime is booming.
According to a report published by Chainalysis in February, an estimated 51 billion dollars in cryptocurrency was tied to illicit activity in 2024 alone. The fraud is driven by organized crime groups, state-sponsored hackers, and scams assisted by artificial intelligence.
In the United States, the FBI reported losses of 9.3 billion dollars from cryptocurrency fraud in 2024, with the elderly among the most affected victims. The phenomenon shows no sign of slowing down; on the contrary, it is becoming more sophisticated and accessible even to inexperienced criminals.
Among the tools most used by cybercriminals are the so-called crypto drainers, malicious software designed to empty the victims’ digital wallets. These tools are often hidden in phishing sites, fake airdrops, or browser extensions.
According to AMLBot, drainers are now offered as a service (Drainer-as-a-Service, in the SaaS model), available for as little as 100 dollars to anyone who wants to enter cybercrime.
A black market in continuous expansion
It is no coincidence that there are online communities where experienced criminals offer tutorials and support, turning aspiring fraudsters into cryptocurrency thieves within a few days.
Some Drainer-as-a-Service groups have become so confident in their operations that they advertise openly, even attending industry events with promotional stands.
AMLBot's investigations have found advertisements for drainers targeting specific platforms such as Hedera (HBAR), a sign that the recruitment of technical talent is actively taking place in niche online spaces.
The growth of the phenomenon is also confirmed by Kaspersky's data: dark web forum threads dedicated to drainers increased from 55 in 2022 to 129 in 2024.
In 2024 alone, Scam Sniffer reported 494 million dollars stolen through wallet drainers, a 67% increase over the previous year. The ease of access and the absence of technical barriers make drainers one of the most serious threats to anyone who holds cryptocurrency.
Once a safe haven for cybercriminals, Telegram has begun to lose popularity among them after reports emerged that the platform would share user data with authorities.
This has driven many malicious actors back to the Tor network, where anonymity is harder to breach.
The migration to even darker digital environments makes the work of law enforcement more complex, but not impossible.
Microsoft’s action against Lumma Stealer demonstrates that, with the right combination of technology, international collaboration, and legal intervention, it is possible to deliver significant blows even to the most sophisticated criminal networks.
A strong signal to the world of cybercrime
Microsoft's intervention is not just a technical action but also a clear message: technology companies are ready to fight cybercrime on all fronts.
By blocking thousands of sites and collaborating with global authorities, Microsoft has demonstrated that digital defense can be effective, even against rapidly evolving threats like Lumma Stealer.