Beware: 394,000 Windows PCs hit by Lumma malware in just 2 months, Microsoft warns

Keep your PCs protected


Microsoft has issued a serious warning about a fast-spreading malware strain known as “Lumma.” In just two months, from March 16 to May 16, 2025, the Lumma malware has infected over 394,000 Windows PCs worldwide.

Microsoft warns Windows PC users about the new “Lumma” malware

Lumma, also called LummaC2, is a malware-as-a-service (MaaS) created by a group Microsoft tracks as Storm-2477. It’s designed to steal personal and sensitive data, including passwords, cookies, crypto wallets, and even system metadata.

Attackers can rent and deploy it as part of phishing attacks and fake software campaigns. Microsoft also shared a heat map showing Lumma’s reach. The malware has been most active in Europe, parts of India, and the eastern United States.

How does Lumma spread?

The malware uses a wide net to catch victims. Microsoft says it’s being distributed through:

  • Phishing emails
  • Malvertising (fake ads, like bogus Chrome updates or Notepad++ downloads)
  • Drive-by downloads from hacked websites
  • Trojanized apps
  • Fake CAPTCHAs that trick users into clicking dangerous links

Even if you’re careful and get your browser from a legitimate source, you’re not completely safe. Lumma has many ways in. Once it lands on a system, it starts harvesting everything it can.

Here’s what Lumma can steal

Microsoft outlines Lumma’s capabilities in detail:

  • Passwords and cookies from Chrome, Edge, Firefox, and other browsers
  • Crypto wallets like MetaMask, Electrum, and Exodus
  • Data from VPNs, email and FTP clients, and Telegram
  • Documents with .pdf, .docx, or .rtf extensions
  • System info like CPU, OS version, installed apps, and locale

Windows Defender now flags Lumma variants, thankfully

There is good news: Microsoft says Defender Antivirus now detects LummaC2 under the following trojan and suspicious-behavior detection names:

  • Behavior:Win32/LuammaStealer
  • Trojan:JS/LummaStealer
  • Trojan:MSIL/LummaStealer
  • Trojan:Win32/LummaStealer
  • Trojan:Win64/LummaStealer
  • TrojanDropper:Win32/LummaStealer
  • Trojan:PowerShell/Powdow
  • Trojan:Win64/Shaolaod
  • Behavior:Win64/Shaolaod
  • Behavior:Win32/MaleficAms
  • Behavior:Win32/ClickFix
  • Behavior:Win32/SuspClickFix
  • Trojan:Win32/ClickFix
  • Trojan:Script/ClickFix
  • Behavior:Win32/RegRunMRU
  • Trojan:HTML/FakeCaptcha
  • Trojan:Script/SuspDown

We recommend that our readers regularly scan their PCs to spot such malware.
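
One way to act on the list above, as an added example (not code from Microsoft or Windows Report): this PowerShell uses the built-in Defender cmdlets to search the local threat history for the listed detection names and then runs a quick scan. It assumes an elevated session on a PC where Defender Antivirus is the active antivirus, and it matches by prefix on the assumption that reported names carry variant suffixes.

```powershell
# Detection names copied from the list above, spelled as published.
$families = @(
    'Behavior:Win32/LuammaStealer', 'Trojan:JS/LummaStealer',
    'Trojan:MSIL/LummaStealer', 'Trojan:Win32/LummaStealer',
    'Trojan:Win64/LummaStealer', 'TrojanDropper:Win32/LummaStealer',
    'Trojan:PowerShell/Powdow', 'Trojan:Win64/Shaolaod',
    'Behavior:Win64/Shaolaod', 'Behavior:Win32/MaleficAms',
    'Behavior:Win32/ClickFix', 'Behavior:Win32/SuspClickFix',
    'Trojan:Win32/ClickFix', 'Trojan:Script/ClickFix',
    'Behavior:Win32/RegRunMRU', 'Trojan:HTML/FakeCaptcha',
    'Trojan:Script/SuspDown'
)

# An empty history only means something if Defender is actually running.
$status = Get-MpComputerStatus
if (-not $status.AntivirusEnabled -or -not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Defender Antivirus or real-time protection is off; history may be incomplete.'
}

# Index known threats by ID, keeping names that start with a listed family
# (assumption: variants add a suffix such as ".A" or "!MTB" to the base name).
$threats = @{}
foreach ($t in @(Get-MpThreat)) {
    if ($families | Where-Object { $t.ThreatName -like "$($_)*" }) {
        $threats["$($t.ThreatID)"] = $t.ThreatName
    }
}

# Join each detection event to its threat name to show when and where it fired.
$hits = foreach ($d in @(Get-MpThreatDetection)) {
    $name = $threats["$($d.ThreatID)"]
    if ($name) {
        [pscustomobject]@{
            Detected  = $d.InitialDetectionTime
            Threat    = $name
            Process   = $d.ProcessName
            Resources = $d.Resources -join '; '
        }
    }
}
if ($hits) { $hits | Sort-Object Detected | Format-List } else {
    'No listed detection names found in Defender history.'
}

# Refresh signatures, then scan so new variants are covered.
Update-MpSignature
Start-MpScan -ScanType QuickScan
```

Any hit means credentials, cookies and wallets on that PC should be treated as exposed, even if Defender reports the threat as removed.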
