The U.S. Justice Department has seized five internet domains allegedly used to operate the LummaC2 malware service, an infostealer responsible for compromising over 1.7 million devices worldwide.

The action, executed with court-authorized warrants, disrupts one of the most popular information-stealing malware platforms available on underground forums.

According to court documents, LummaC2 was used by cybercriminals to extract sensitive data such as login credentials, browser autofill data, banking details, and cryptocurrency seed phrases. These were then used for crimes including identity theft, fraudulent financial transactions, and unauthorized access to digital wallets.

“This disruption is another example of how our prosecutors, agents, and private sector partners work together to combat cyber threats,” said Sue J. Bai, head of the DOJ’s National Security Division. FBI Cyber Division Assistant Director Bryan Vorndran added, “We targeted the infrastructure that cybercriminals depend on, making it more difficult and painful for them to operate.”

The FBI’s Dallas Field Office led the investigation. After initially seizing two domains on May 19, 2025, the agency quickly moved to seize three additional domains the next day, after LummaC2 administrators attempted to relocate their operations.

In a coordinated move, Microsoft also filed an independent civil action to dismantle over 2,300 additional domains tied to LummaC2 and its affiliates, further hampering the malware’s distribution and reach.


Visitors to the seized domains will now see a message from the U.S. government indicating the site has been taken down.
