DOJ Dismantles Global Crypto Theft Network

The Department of Justice (DOJ) seized 5 domains controlling LummaC2 malware that stole information from 1.7 million victims, including seed phrases and cryptocurrency wallet data.

The United States Department of Justice (DOJ) announced on May 21 that it successfully seized 5 domains related to the operation of LummaC2, malware that specializes in stealing personal information and is offered under the malware-as-a-service model. The operation took place on May 19-20 to dismantle the technical infrastructure used to access stolen data and deploy malware on a global scale.

According to the FBI, LummaC2 was used at least 1.7 million times to collect sensitive data from victims worldwide. Matthew R. Galeotti, head of the Criminal Division at DOJ, confirmed that the software was deployed to steal sensitive information from millions of victims, serving various types of crimes including fraudulent bank transfers and cryptocurrency theft.

The domains seized by the DOJ operated as "user control panels" where cybercriminals could manage infected devices and stolen data. Visitors to these domains now see a seizure notice from the federal government, marking a significant disruption in the criminal network's operations.

Targeting Seed Phrases and Crypto Wallets

The court affidavit detailed the types of data targeted, including browser data, autofill information, login information for email and banking services, along with seed phrases, the recovery phrases that allow direct access to cryptocurrency wallets. This information is highly valuable on the black market because it lets criminals directly appropriate victims' digital assets.

In parallel with the DOJ's actions, Microsoft has also filed a civil lawsuit to disrupt the operations of over 2,300 domains allegedly associated with the LummaC2 operators or their branches. The collaboration between law enforcement and the private sector demonstrates the severity of this threat to global cybersecurity.

The DOJ also emphasized the US State Department's "Rewards for Justice" program, which offers rewards of up to 10 million USD for information about cyber attack activities related to foreign states, especially those targeting critical US infrastructure. This reflects concerns about cybercriminal groups potentially backed by state actors targeting financial systems and cryptocurrencies.
