Background on Lumma Stealer and Its Developer, Shamel
Microsoft and Europol announced on Wednesday that they have collaborated with the US government to neutralize the infrastructure enabling the spread of a Russian-origin virus known as Lumma Stealer. This malware, also simply called Lumma, is sold as “Malware-as-a-Service” (MaaS) and has become the tool of choice for hundreds of cybercriminal groups, making it a significant threat to cybersecurity.
Developed by a Russian programmer known as Shamel, Lumma Stealer was made available online starting in 2022. According to an interview with cybersecurity blogger g0onxja at the end of 2023, Shamel claimed to have around 400 clients and even created a logo for his software, featuring a white bird on a blue background.
Identifying and Taking Action Against Infected Computers
Between mid-March and mid-April, Microsoft’s Cybercrime Division (DCU) identified approximately 394,000 Windows-based computers worldwide infected with Lumma Stealer. The majority of these infections were concentrated in the United States, Mexico, Brazil, Western Europe, and Japan.
Legal Action and International Collaboration
Microsoft took legal action in a US court, specifically in Georgia, which authorized measures to disrupt the virus’s operation. In collaboration with Europol, the US Department of Justice, and Japan’s Cybercrime Control Center (JC3), Microsoft successfully blocked, suspended, or deleted around 2,300 internet addresses that formed the backbone of Lumma.
The US Department of Justice also gained control over the central entity in the Lumma ecosystem, hindering use of the platform through which data stolen by the virus was resold.
Impact and Future of Cybercrime Fighting
Edvardas Sileris, head of Europol’s European Cybercrime Centre, commented on the operation: “This action clearly demonstrates how public-private collaboration is transforming the fight against cybercrime.”
Key Questions and Answers
- What is Lumma Stealer? Lumma Stealer is a Malware-as-a-Service (MaaS) tool that has become popular among hundreds of cybercriminal groups for stealing data, posing a significant threat to global cybersecurity.
- Who developed Lumma Stealer? A Russian programmer known as Shamel created and sold Lumma Stealer online starting in 2022.
- Which organizations collaborated to dismantle Lumma Stealer’s infrastructure? Microsoft, Europol, the US Department of Justice, and Japan’s Cybercrime Control Center (JC3) worked together to neutralize Lumma Stealer’s infrastructure.
- What measures were taken against Lumma Stealer? Approximately 2,300 internet addresses were blocked, suspended, or deleted, and control over the central entity in the Lumma ecosystem was gained to hinder data reselling.
- What is the significance of this collaboration? The successful operation highlights the importance of public-private partnerships in combating cybercrime, as stated by Edvardas Sileris from Europol.