Lumma, Microsoft and malware
Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries.
Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide.
Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe.
According to FBI Deputy Assistant Director for Cyber Operations Brett Leatherman, who called it the "most prolific information stealer for sale in online criminal markets," Lumma has been used in at least 1.7 million instances of this kind of data theft since November 2023.
The collaborative effort worked to seize and take down some 2,300 domains that backed the web infrastructure of Lumma Stealer, which is sold to help hackers steal passwords and deploy ransomware around the world.