Lumma Malware Spreads Rapidly, Hits Chrome, Edge, and Firefox Users
In a recent report, Microsoft revealed that over 394,000 Windows devices were infected by the Lumma (or LummaC2) malware in just two months, from March 16 to May 16, 2025. This information-stealing malware, developed by the threat actor Storm-2477, is sold as a service to cybercriminals and is designed to harvest sensitive data from browsers, crypto wallets, and other apps.
Lumma spreads through phishing emails, malicious ads (malvertising), drive-by downloads, fake CAPTCHAs, and trojanized software. Attackers often disguise it as legitimate downloads such as “Notepad++” or “Chrome updates” to trick users into installing it.
Even if users avoid fake download pages, Lumma can still infect their systems through other means. Once installed, it targets:
- Browser data: saved passwords, cookies, and autofill info from Chrome, Edge, and Firefox.
- Crypto wallets: information from MetaMask, Electrum, Exodus, and related browser extensions.
- Other apps: data from FTP clients, email services, Telegram, and VPN configurations.
- User files: documents such as PDFs, Word files, and RTFs.
- System details: CPU specs, OS version, and installed programs for further targeting.
Microsoft’s analysis shows the infection has hit regions across Europe, the eastern U.S., and parts of India the hardest.
Not All the News Is Negative
Microsoft closed its report with some encouraging news: its Defender Antivirus software can now detect the LummaC2 malware. It identifies the threat under several detection names, including:
- Behavior:Win32/LummaStealer
- Trojan:JS/LummaStealer
- Trojan:MSIL/LummaStealer
- Trojan:Win32/LummaStealer
- Trojan:Win64/LummaStealer
- TrojanDropper:Win32/LummaStealer
Additional detections include Trojan:HTML/FakeCaptcha, Trojan:PowerShell/Powdow, and several related indicators of compromise.
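The following PowerShell snippet is an added example, not from Microsoft's report, showing how an administrator can check a machine's Defender threat history for the detection names listed above; it assumes the built-in Defender module (Get-MpThreat, Get-MpThreatDetection) and a hypothetical set of name patterns derived from those detection names.

```powershell
# Added example: search the local Defender threat history for Lumma-related
# detections. Requires the Defender PowerShell module that ships with Windows.
# Patterns are assumptions derived from the detection names above.
$lummaPatterns = @(
    'LummaStealer',       # Behavior/Trojan/TrojanDropper:*/LummaStealer
    'HTML/FakeCaptcha',   # fake CAPTCHA lure page
    'PowerShell/Powdow'   # PowerShell downloader reported alongside Lumma
)

# Get-MpThreat maps ThreatID -> ThreatName; Get-MpThreatDetection holds the
# individual detection events (time, process, affected files).
$threatNames = @{}
foreach ($threat in Get-MpThreat) {
    $threatNames[$threat.ThreatID] = $threat.ThreatName
}

$hits = foreach ($event in Get-MpThreatDetection) {
    $name = $threatNames[$event.ThreatID]
    if (-not $name) { continue }
    foreach ($pattern in $lummaPatterns) {
        if ($name -like "*$pattern*") {
            [pscustomobject]@{
                Detected   = $event.InitialDetectionTime
                ThreatName = $name
                Process    = $event.ProcessName
                Resources  = ($event.Resources -join '; ')
                StatusID   = $event.ThreatStatusID
            }
            break   # one row per event, even if several patterns match
        }
    }
}

if ($hits) {
    # A hit means browser credentials and session cookies on this host should
    # be treated as exposed: reset passwords and revoke active sessions.
    $hits | Sort-Object Detected | Format-Table -AutoSize
} else {
    Write-Output 'No Lumma-related detections in Defender threat history.'
}
```

Run from an elevated prompt; Defender keeps a bounded history, so absence of hits is not proof the host was never infected.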
This protection also extends to Microsoft Defender for Office 365 and Microsoft Defender for Endpoint, giving businesses and users an added layer of security.
For more in-depth technical analysis, you can read Microsoft’s full blog post here and the official announcement here.