TechFlow news, May 22 — According to Decrypt, law enforcement agencies have successfully seized key infrastructure of the LummaC2 malware, which has targeted millions of users to steal cryptocurrency wallet recovery phrases. The operation was jointly conducted by the U.S. Department of Justice, Europol, Japan's Cybercrime Control Center, Microsoft, and other parties.
Microsoft data shows that between March and May 2025, over 394,000 Windows systems worldwide were infected with this malware. Through civil litigation, Microsoft has seized and disabled more than 2,300 domains supporting LummaC2 operations. The FBI confirmed that LummaC2 alone was involved in at least 1.7 million theft attempts.
The malware was launched in 2022 by a Russian developer using the alias "Shamel" and was primarily marketed through Telegram and Russian-language forums, offering tiered service packages that allow buyers to customize, distribute, and track stolen data.
