Microsoft has dismantled a major cybercrime operation centred around the Lumma Stealer malware, which had infected over 394,000 Windows devices globally.
In partnership with global law enforcement and industry partners, Microsoft seized more than 1,300 domains linked to the malware.
The malware was known for stealing sensitive data such as login credentials, bank details and cryptocurrency information, making it a go-to tool for cybercriminals since 2022.
The takedown followed a court order from a US federal court and included help from the US Department of Justice, Europol, and Japan's cybercrime unit.
Microsoft's Digital Crimes Unit also received assistance from firms like Cloudflare and Bitsight to disrupt the infrastructure that supported Lumma's Malware-as-a-Service network.
The operation is being hailed as a significant win against a sophisticated threat that had evolved to target Windows and Mac users. Security experts urge users to adopt strong cyber hygiene, including antivirus software, two-factor authentication, and password managers.
Microsoft's action is part of a broader effort to tackle infostealers, which have fuelled a surge in data breaches and identity theft worldwide.