Microsoft, Lumma and malware
Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries.
Microsoft has sounded the alarm on a pervasive piece of malware that has already infected hundreds of thousands of PCs. A few weeks ago, we reported on the Clop gang's involvement in the large-scale data leaks at Hertz.
Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide.
Microsoft, the U.S. Justice Department, Europol and Japan’s Cybercrime Control Center are targeting the Lumma Stealer malware in an international operation. A court order has empowered the group to start taking it down.
The messages seemed innocuous, mundane even. Someone posing as a prospective guest emailed a hotel questions about a purported comment left on Booking.com. Another message was supposedly from that third-party booking site to review negative guest feedback.
Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe.
US, European, and Japanese authorities, along with tech companies including Microsoft and Cloudflare, say they’ve disrupted Lumma, an infostealer popular with criminal gangs.