Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries.

Microsoft has teamed up with law enforcement agencies across the globe to disrupt the infrastructure behind one of the world’s most notorious infostealer operations. Microsoft said that, between March 16 and May 16, it identified over 394,000 Windows computers globally that were infected with Lumma Stealer malware.

US, European, and Japanese authorities, along with tech companies including Microsoft and Cloudflare, say they’ve disrupted Lumma, an infostealer popular with criminal gangs.

Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide.

Law enforcement and Microsoft struck a blow against malware used to steal login credentials and financial data, seizing the central command structure and thousands