Cloudflare, through its threat intelligence division Cloudforce One and its Trust and Safety team, played a key role in a coordinated global operation to disrupt Lumma Stealer, a notorious Malware-as-a-Service platform that has enabled widespread cybercrime.
Lumma Stealer—also known as LummaC2—has been actively exfiltrating sensitive information like login credentials, cryptocurrency wallets, and browser cookies from infected devices. These stolen assets are then weaponized for identity theft, financial fraud, and enterprise-level breaches that often culminate in ransomware attacks.
Cloudflare joined forces with Microsoft, the U.S. Department of Justice, Europol’s EC3, Japan’s JC3, and other private-sector cybersecurity firms in the takedown effort. The goal: disrupt Lumma’s command infrastructure and deny operators access to their control panels and illicit marketplaces.
“Disrupting Lumma Stealer helps dismantle a major enabler of digital crime. We’re proud to collaborate globally to protect the Internet and make it safer for everyone.”
The malware, typically delivered through phishing campaigns and malvertising, posed a growing threat to both enterprise and individual users. The takedown operation is expected to significantly hinder Lumma’s operations and its underground economy.
Cloudflare recommends a multi-layered defense strategy to mitigate risks, including endpoint hardening, DNS filtering, regular software updates, browser hygiene, and user training. The company also urges enterprises to monitor for unusual behaviors like unauthorized PowerShell activity or suspicious outbound connections to rare domains and Telegram APIs.
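The monitoring advice above (unauthorized PowerShell activity, outbound connections to rare domains and to the Telegram API) can be turned into concrete detection logic. The script below is an added example, not Cloudflare's or Microsoft's code: it runs three rules over a small set of constructed endpoint telemetry lines (process-creation and network-connection events in an invented pipe-delimited format), then correlates hosts that trip both a process rule and an egress rule. The host `api.telegram.org` is the real Telegram Bot API endpoint; the parent-process list, the PowerShell flag list, the "rare domain" threshold and all hostnames and timestamps in the sample are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry (not real logs). One event per line, "|"-separated:
#   proc events: ts|host|proc|image|parent_image|command_line
#   net  events: ts|host|net|image|dest_host|dest_port
SAMPLE_LOG = """\
2025-05-21T10:01:02Z|ws-01|proc|powershell.exe|winword.exe|powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA
2025-05-21T10:01:05Z|ws-01|net|powershell.exe|api.telegram.org|443
2025-05-21T10:01:06Z|ws-01|net|powershell.exe|cdn-x7q9.example|443
2025-05-21T10:02:00Z|ws-02|proc|powershell.exe|explorer.exe|powershell Get-ChildItem
2025-05-21T10:02:10Z|ws-02|net|chrome.exe|www.example.com|443
2025-05-21T10:02:11Z|ws-03|net|chrome.exe|www.example.com|443
2025-05-21T10:02:12Z|ws-04|net|chrome.exe|www.example.com|443
2025-05-21T10:03:00Z|ws-05|net|outlook.exe|www.example.com|443
"""

# Assumed tuning values; a real deployment would derive these from its own baseline.
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}
OFFICE_AND_BROWSER_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                              "outlook.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
SUSPICIOUS_POWERSHELL_FLAGS = ("-enc", "-w hidden", "-nop")   # common evasion switches
TELEGRAM_API_HOSTS = {"api.telegram.org"}                     # real Telegram Bot API host
RARE_DOMAIN_MAX_HOSTS = 1   # a destination seen from this few hosts counts as "rare"


def parse_events(text):
    """Parse the constructed pipe-delimited telemetry into event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # maxsplit=5 keeps any '|' inside the command line intact in the last field
        ts, host, kind, image, fifth, sixth = line.split("|", 5)
        ev = {"ts": ts, "host": host, "kind": kind, "image": image.lower()}
        if kind == "proc":
            ev["parent"] = fifth.lower()
            ev["cmdline"] = sixth
        elif kind == "net":
            ev["dest"] = fifth.lower()
            ev["port"] = int(sixth)
        else:
            continue  # unknown event type: skip rather than guess
        events.append(ev)
    return events


def _alert(rule, ev, detail):
    return {"rule": rule, "host": ev["host"], "ts": ev["ts"], "detail": detail}


def detect(events):
    """Apply the three rules from the advisory's monitoring advice; return alert dicts."""
    alerts = []
    # Prevalence table: how many distinct hosts contacted each destination in this window.
    hosts_per_dest = defaultdict(set)
    for ev in events:
        if ev["kind"] == "net":
            hosts_per_dest[ev["dest"]].add(ev["host"])

    for ev in events:
        if ev["kind"] == "proc" and ev["image"] in POWERSHELL_IMAGES:
            # Rule 1: PowerShell launched by an Office or browser process.
            if ev["parent"] in OFFICE_AND_BROWSER_PARENTS:
                alerts.append(_alert("powershell_from_office_or_browser", ev,
                                     f"parent={ev['parent']}"))
            # Rule 2: PowerShell command line carrying evasion-style switches.
            flags = [f for f in SUSPICIOUS_POWERSHELL_FLAGS if f in ev["cmdline"].lower()]
            if flags:
                alerts.append(_alert("powershell_suspicious_flags", ev,
                                     "flags=" + ",".join(flags)))
        elif ev["kind"] == "net":
            # Rule 3a: any egress to the Telegram API from an endpoint.
            if ev["dest"] in TELEGRAM_API_HOSTS:
                alerts.append(_alert("telegram_api_egress", ev,
                                     f"dest={ev['dest']} by {ev['image']}"))
            # Rule 3b: egress to a destination almost no other host in the fleet talks to.
            elif len(hosts_per_dest[ev["dest"]]) <= RARE_DOMAIN_MAX_HOSTS:
                alerts.append(_alert("rare_domain_egress", ev,
                                     f"dest={ev['dest']} seen on "
                                     f"{len(hosts_per_dest[ev['dest']])} host(s)"))
    return alerts


def correlated_hosts(alerts):
    """Hosts that raised both a PowerShell alert and an egress alert: the strongest signal."""
    proc_hosts = {a["host"] for a in alerts if a["rule"].startswith("powershell_")}
    net_hosts = {a["host"] for a in alerts if a["rule"].endswith("_egress")}
    return proc_hosts & net_hosts


if __name__ == "__main__":
    found = detect(parse_events(SAMPLE_LOG))
    for a in found:
        print(f"{a['ts']} {a['host']} {a['rule']}: {a['detail']}")
    print("hosts with correlated process + egress alerts:", sorted(correlated_hosts(found)))
```

On the constructed sample, only `ws-01` raises alerts: one for PowerShell spawned by `winword.exe`, one for the `-nop -w hidden -enc` switches, one for the Telegram API connection and one for the destination no other host contacts. `ws-02`'s interactive PowerShell under `explorer.exe` and the widely contacted `www.example.com` stay quiet, which is the point of the prevalence check: a rare-domain rule is only useful when it is measured against the whole fleet's traffic rather than a single host.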
This operation underscores the growing importance of public-private collaboration in battling the evolving infostealer threat landscape.