Microsoft Warns Hundreds Of Thousands Of PCs Are Infected With Data-Stealing Malware
Discovered in 2022, Lumma has become increasingly pervasive, and it is currently one of the top go-to tools for malicious actors. There have been wide-scale reports of Lumma being used in sophisticated cyber attacks to break into victims' bank accounts or email. Other times, it is used to encrypt sensitive data, at which point cybercriminals will usually demand a ransom before the data is released.
It's also worth noting that bad actors have gone beyond compromising individuals' sensitive information with Lumma. Lumma has been used in "attacks against critical infrastructure, such as the manufacturing, telecommunications, logistics, finance, and healthcare sectors" as well.

Two years ago, Shamel claimed to have about 400 clients for Lumma, distributed over platforms like Telegram or underground Russian-speaking forums. Due to Lumma's notoriety, Microsoft filed a complaint regarding the info stealer in the US District Court in the Northern District of Georgia, and following an order of the court, Microsoft was able to seize and take down over 2000 domains used to distribute the malware.
The Lumma malware is not totally unique; it is reminiscent of the XCSSET malware in many ways. XCSSET is a piece of malware that is difficult to detect and remove from compromised devices, and like Lumma, it has been on a rampage for a while now. Although Microsoft claimed to have cut off communication between Lumma's key infrastructure and compromised devices, you need to take precautions to protect your systems anyway. Microsoft reiterates that "using multi-factor authentication, running the latest anti-malware software, and being cautious with attachments and email links" can protect your devices from malware like Lumma and XCSSET.