Windows users warned about mass infection with dangerous virus

Microsoft sounds the alarm: the dangerous Lumma stealer has attacked nearly 400 thousand computers worldwide. According to the corporation's internal investigation, between March 16 and May 16, 2025, the LummaC2 malware infected more than 394 thousand Windows-based devices, including computers of Russian users.

The LummaC2 malware, created by the hacker group Storm-2477, operates under a "malware as a service" (MaaS) model and is designed to steal confidential data from browsers, crypto wallets, and other applications.

Microsoft experts identified several key distribution vectors for the malware: phishing campaigns, malicious advertisements, drive-by downloads from compromised websites, trojan programs, and fake CAPTCHA systems.

After penetrating the system, the stealer immediately begins collecting credentials, cookies, and autofill information. Cryptocurrency wallets such as MetaMask, Electrum, and Exodus are of particular interest to the attackers. VPN clients, email programs, FTP applications, and the popular Telegram messenger are also under threat.

Among the stolen information are user profiles, PDF, DOCX, and RTF format documents, as well as system telemetry — information about the processor, operating system version, and other technical characteristics.

One of LummaC2's most common infiltration tactics is to disguise itself as a Chrome browser update or as a distribution of the popular text editor Notepad++. To minimize the risk of infection, experts strongly advise downloading software exclusively from official developer resources.

Microsoft confirms that Windows' built-in protection mechanisms are already capable of detecting LummaC2. Additional protection measures against this dangerous malware have also been integrated into Microsoft Defender for Office 365 and Defender for Endpoint.