Windows users warned about mass infection with dangerous virus


Microsoft is sounding the alarm: the dangerous Lumma (LummaC2) stealer is spreading rapidly worldwide. According to the company's internal investigation, in the two months from March 16 to May 16, 2025, the malware infected more than 394 thousand Windows-based computers, including devices of Russian users.

LummaC2, developed by the cybercriminal group Storm-2477, operates on a "malware as a service" (MaaS) model and specializes in stealing confidential information from browsers, cryptocurrency wallets, and other applications.

Microsoft specialists have identified several main distribution channels for the malware: phishing emails, malicious advertising, drive-by downloads on compromised websites, trojans, and fake CAPTCHA systems.

Once in the system, the stealer begins actively collecting credentials, cookies, and autofill information. The malware pays special attention to cryptocurrency wallets such as MetaMask, Electrum, and Exodus. VPN clients, email programs, FTP applications, and the Telegram messenger are also targeted.

The list of stolen data includes user profiles, documents in PDF, DOCX, and RTF formats, as well as system telemetry: information about the processor, operating system version, and other technical parameters.

One of the most common ways LummaC2 gets onto a system is by disguising itself as a Chrome browser update or an installation file for the popular text editor Notepad++. To protect against such attacks, experts strongly recommend downloading software exclusively from developers' official websites.

Microsoft assures that Windows' built-in security mechanisms are already capable of detecting LummaC2. Additionally, protection measures against this malware have been integrated into Microsoft Defender for Office 365 and Defender for Endpoint.

This news edited with AI
