More than 394,000 Windows computers infected with data-stealing Lumma malware
In a new blog post, Microsoft has released some troubling malware numbers. The company warns that Lumma — a piece of information-stealing malware — has infected more than 394,000 Windows systems globally in just two months, from March 16, 2025 to May 16, 2025.
According to Microsoft, Lumma Stealer (also known as LummaC2) is a malware-as-a-service (MaaS) developed by the Storm-2477 hacker group. Hackers have used Lumma to steal sensitive data from applications such as browsers, cryptocurrency wallets, and many other sources.
The tech giant also explained how Lumma is distributed through malicious campaigns including:
- Phishing emails
- Malvertising
- Drive-by downloads from compromised websites
- Fake apps containing malware
- Fake CAPTCHAs that fool users
For example, in the case of malvertising, Microsoft points out that fake ads such as 'Download Notepad++' or 'Update Chrome' are used to lure victims. To avoid this trap, users should download applications only from the developer's official website. However, the risk does not stop there. Even when downloading the browser from a safe source, Lumma can still infiltrate the system through other methods. After a successful infection, Lumma can steal data from both Chromium-based browsers (Chrome, Edge) and Gecko-based browsers (Firefox).
Microsoft details Lumma's malicious capabilities as follows:
- Browser and cookie information: Extract saved passwords, session cookies, autofill data from Chromium, Edge, Firefox.
- Cryptocurrency wallets and extensions: Search for wallet files, browser extensions, and local keys related to MetaMask, Electrum, Exodus.
- Diverse applications: Steal data from VPN (.ovpn), email applications, FTP, Telegram.
- User documents: Collect PDF, DOCX, RTF files from personal folders.
- System information: Collect data such as CPU, OS version, installed applications to customize attacks later.
Microsoft's heat map shows Lumma's wide reach, concentrated in Europe, the eastern United States, and parts of India.
There is some good news, though. Microsoft claims that Defender — its antivirus engine — was able to detect LummaC2 through warnings flagging it as a Trojan or displaying the following suspicious behavior:
- Behavior:Win32/LuammaStealer
- Trojan:JS/LummaStealer
- Trojan:MSIL/LummaStealer
- Trojan:Win32/LummaStealer
- Trojan:Win64/LummaStealer
- TrojanDropper:Win32/LummaStealer
- Trojan:PowerShell/Powdow
- Trojan:Win64/Shaolaod
- Behavior:Win64/Shaolaod
- Behavior:Win32/MaleficAms
- Behavior:Win32/ClickFix
- Behavior:Win32/SuspClickFix
- Trojan:Win32/ClickFix
- Trojan:Script/ClickFix
- Behavior:Win32/RegRunMRU
- Trojan:HTML/FakeCaptcha
- Trojan:Script/SuspDown
Defender for Office 365 and Defender for Endpoint are also getting similar detection updates. You can see technical details about Lumma in the official posts from Microsoft.
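The detection names above can be turned into a fleet triage check. The following is an added example, not code from Microsoft or from this article: it matches exported Defender detections against the list while ignoring the variant and suffix parts that real threat names usually carry (Type:Platform/Family.Variant!Suffix). The CSV column names, host names and sample rows are constructed assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Detection names exactly as listed in the article (spelling preserved).
LUMMA_RELATED = """
Behavior:Win32/LuammaStealer Trojan:JS/LummaStealer Trojan:MSIL/LummaStealer
Trojan:Win32/LummaStealer Trojan:Win64/LummaStealer
TrojanDropper:Win32/LummaStealer Trojan:PowerShell/Powdow
Trojan:Win64/Shaolaod Behavior:Win64/Shaolaod Behavior:Win32/MaleficAms
Behavior:Win32/ClickFix Behavior:Win32/SuspClickFix Trojan:Win32/ClickFix
Trojan:Script/ClickFix Behavior:Win32/RegRunMRU Trojan:HTML/FakeCaptcha
Trojan:Script/SuspDown
""".split()

# Threat names follow Type:Platform/Family[.Variant][!Suffix]; keep the base.
NAME_RE = re.compile(r"^(?P<type>[^:]+):(?P<platform>[^/]+)/(?P<family>[^.!]+)")

def base_name(threat_name):
    """Return lower-cased Type:Platform/Family, or None if unparseable."""
    m = NAME_RE.match(threat_name.strip())
    if not m:
        return None
    return "{type}:{platform}/{family}".format(**m.groupdict()).lower()

WATCH = {base_name(n): n for n in LUMMA_RELATED}

def triage(csv_text):
    """Map host -> earliest matching detection time and matched list names."""
    hosts = defaultdict(lambda: {"first_seen": None, "names": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = base_name(row["threat_name"])
        if key not in WATCH:
            continue
        entry = hosts[row["host"]]
        entry["names"].add(WATCH[key])
        ts = row["detected_utc"]  # ISO 8601 UTC strings sort chronologically
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
    return dict(hosts)

# Constructed sample export (hypothetical hosts, times and variant suffixes).
SAMPLE = """host,detected_utc,threat_name
WS-014,2025-05-02T09:14:00Z,Trojan:Win32/LummaStealer.CCJK!MTB
WS-014,2025-05-02T09:11:30Z,Behavior:Win32/ClickFix.A
WS-022,2025-05-03T16:40:00Z,Trojan:Win32/Wacatac.B!ml
WS-031,2025-05-04T08:00:00Z,trojan:html/fakecaptcha
"""

if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE).items()):
        print(host, info["first_seen"], sorted(info["names"]))
```

A host that shows a delivery-stage name such as ClickFix shortly before a LummaStealer name, like WS-014 in the sample, is a candidate for credential resets as well as cleanup.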