According to Microsoft, some 400,000 Windows computers have been infected with the Lumma malware.

A malware-as-a-service product known as Lumma Stealer has infected hundreds of thousands of Windows machines, according to an announcement made by Microsoft on Wednesday. The company also said that it has disrupted connections between the malware and victims around the globe.
Facts That Are Crucial
Microsoft reports that between March 16 and May 16, more than 394,000 Windows systems across the world were infected with the Lumma strain of malware.
Microsoft seized more than 1,300 domains used by the malware and cut off connections between the malware and its victims.
Three hundred domains are to be rerouted to Microsoft sinkholes, which are managed domains used to capture and analyze harmful traffic.
Microsoft said that it has “seized and facilitated the takedown, suspension, and blocking” of malicious domains that formed the basis of Lumma’s operation. The company added that the Justice Department has seized the “central command structure” for Lumma and disrupted the marketplaces in which it is sold.
What exactly is Lumma?
Hackers often employ the software, which impersonates trustworthy firms, to monetise stolen information or abuse victims. Lumma is a malware-as-a-service product that originates from Russia and is offered to hackers in underground forums. It has been used to target passwords, financial information, and cryptocurrency wallets, which has enabled hackers to hold information for ransom or disrupt it. The malware was reportedly discovered in a hacking campaign that used phishing attacks impersonating the online travel firm Booking.com. In general, Lumma has been used to target gaming groups as well as industries such as healthcare, telecommunications, banking, manufacturing, and logistics.
What We Are Not Aware Of
It is not known where in the world the Lumma attacks that took place between March 16 and May 16 were carried out. Additionally, Microsoft did not clarify whether the systems belonged to individuals or companies, nor did it indicate which industries, if any, were harmed by the attacks it discovered.
A significant number: about 400. That is the number of active customers that the developer of Lumma, who goes by the name “Shamel,” claimed to have in 2023.
An Important Context
According to data from the information technology software company Check Point, the number of cyber attacks has grown dramatically in 2025. The company also said that the worldwide education sector saw the largest number of attacks in the first quarter of this year, at 4,484 instances per week. New technologies, such as generative artificial intelligence, are helping hackers stage more complex attacks, according to a global cybersecurity perspective published by the World Economic Forum in 2025. The report also noted a significant rise in the number of phishing and social engineering attempts in the previous year. The forum named supply chain vulnerabilities as the top cyber risk, saying that a lack of monitoring of suppliers' cybersecurity capabilities has created additional risk for firms and that the growing complexity of contemporary supply chains has contributed to this risk.