DOJ and Microsoft Disrupt LummaC2 Malware Network with Domain Seizures

The U.S. Department of Justice has unsealed two warrants authorizing the seizure of five internet domains used to operate the LummaC2 malware—a notorious information-stealing tool responsible for millions of cyberattacks worldwide.

Carried out in coordination with Microsoft and other private sector partners, the action represents a major disruption of one of the most widely used infostealer services in online criminal marketplaces.

Malware Service Targeted Millions with Credential Theft

LummaC2, a malicious platform rented and distributed by cybercriminals, allowed users to harvest browser data, login credentials, autofill content, and cryptocurrency wallet seed phrases from infected devices.
According to court documents, the FBI has identified at least 1.7 million instances where LummaC2 was used to steal sensitive personal and financial information.

Authorities said the seized domains acted as control panels that enabled LummaC2 affiliates to manage infections and deploy the malware.

DOJ, FBI, and Microsoft Coordinate Multi-Day Takedown

The operation began on May 19, 2025, when the government seized two domains linked to LummaC2 activity. Just one day later, the malware administrators attempted to bypass the seizure by creating three new domains. On May 21, those domains were also seized, cutting off access for cybercriminals attempting to use the platform. Visitors to the seized sites now see a government notice confirming the shutdown.

Microsoft independently filed a civil action that resulted in the takedown of an additional 2,300 domains tied to LummaC2 operators or their affiliates.

Author

Kosta Gushterov

Reporter at Coindoo

Kosta has been a part of the team since 2021 and has solidified his position with a thirst for knowledge, incredible dedication to his work and a “detective-like” mindset. He not only covers a wide range of trending topics, he also creates reviews, PR articles and educational content. His work has also been referenced by other news outlets.

Source: https://coindoo.com/doj-and-microsoft-disrupt-lummac2-malware-network-with-domain-seizures/