Global service giants for malware
Lummac2 (also known as Lumma) is an exquisite malware service (MAAS) sold on underground forums since 2022. It enables threat actors to steal login certificates, credit card information, cryptocurrency wallet data and other sensitive digital assets.
In the blog, Microsoft revealed that between March 16 and May 16 this year, it discovered more than 394,000 Windows devices infected by Lumma. Malware coverage spans industries and geography, from critical infrastructure and education systems to financial institutions and gaming communities.
“Lumma has become the tool of choice for cybercriminals and ransomware operators, including the infamous Octo Tempest Group,” Microsoft said in a blog post. It often goes through phishing campaigns, fake advertising, and imitation of trusted brands of Booking.com and Microsoft itself, such as Microsoft itself.
