Law Enforcement Seizes Domains Linked to Seed-Phrase-Stealing Malware LummaC2
Law enforcement agencies seized infrastructure linked to LummaC2, a malware operation that targeted millions globally and stole crypto wallet seed phrases. The operation involved the U.S. Department of Justice, Europol, Japan's Cybercrime Control Center, Microsoft, and cybersecurity partners. Following initial seizures of two websites, Lumma administrators quickly established new domains, which were also seized. Microsoft reported over 394,000 infections on Windows systems from March to May 2025 and disabled over 2,300 supporting domains through a civil action. Malware like LummaC2 facilitates crimes such as fraudulent bank transfers and cryptocurrency theft. Despite a shift towards malware-free attacks, demand for Malware-as-a-Service tools persists. The FBI noted Lumma's involvement in 1.7 million theft attempts. Lumma, controlled by a Russian developer known as "Shamel," has been used in campaigns impersonating Booking.com and targeting various sectors, including education and healthcare. Microsoft continues to monitor emerging variants of Lumma, which remains a significant threat.