Microsoft, Lumma and Windows Live Devices
Microsoft has sounded the alarm on a pervasive piece of malware that has already infected hundreds of thousands of PCs. A few weeks ago, we reported on the Clop gang's involvement in the large-scale data leaks at Hertz.
Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide.
Microsoft said Wednesday that it took down the Lumma Stealer malware project with the help of law enforcement officials across the globe.
The messages seemed innocuous, mundane even. Someone posing as a prospective guest emailed a hotel questions about a purported comment left on Booking.com. Another message was supposedly from that third-party booking site to review negative guest feedback.
Lumma Stealer operation hit 400,000 computers worldwide before coordinated takedown shut down Russian cybercrime kingpin.
According to FBI Deputy Assistant Director for Cyber Operations Brett Leatherman, who called it the "most prolific information stealer for sale in online criminal markets," Lumma has been used in at least 1.7 million instances of this kind of data theft since November 2023.