A global strike on a malware-as-a-service giant
LummaC2, also known simply as Lumma, is a sophisticated Malware-as-a-Service (MaaS) sold on underground forums since 2022. It enables threat actors to steal login credentials, credit card information, cryptocurrency wallet data, and other sensitive digital assets.
In the blog, Microsoft revealed that between March 16 and May 16 this year, it detected over 394,000 Windows devices globally infected by Lumma. The malware’s reach spans across industries and geographies — from critical infrastructure and education systems to financial institutions and gaming communities.
“Lumma has become a go-to tool for cybercriminals and ransomware operators, including the notorious Octo Tempest group,” Microsoft stated in the blog post, emphasizing the malware’s evasive capabilities and ease of use. It often spreads via phishing campaigns, fake ads, and impersonation of trusted brands like Booking.com and Microsoft itself.
