Shaarli Daily

All links of one day on a single page.

May 22, 2025

Hidden Threats of Dual-Function Malware Found in Chrome Extensions

An unknown actor has been continuously creating malicious Chrome Browser extensions since approximately February 2024. The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis assistants, VPN services, crypto, banking and more to direct users to install corresponding malicious extensions on Google’s Chrome Web Store (CWS). The extensions typically have a dual functionality, in which they generally appear to function as intended, but also connect to malicious servers to send user data, receive commands, and execute arbitrary code.

Europol and Microsoft disrupt world’s largest infostealer Lumma

Europol’s European Cybercrime Centre has worked with Microsoft to disrupt Lumma Stealer (“Lumma”), the world’s most significant infostealer threat.

This joint operation targeted the sophisticated ecosystem that allowed criminals to exploit stolen information on a massive scale. Europol coordinated with law enforcement in Europe to ensure action was taken, leveraging intelligence provided by Microsoft.

Between 16 March and 16 May 2025, Microsoft identified over 394 000 Windows computers globally infected by the Lumma malware. In a coordinated follow-up operation this week, Microsoft’s Digital Crimes Unit (DCU), Europol, and international partners have disrupted Lumma’s technical infrastructure, cutting off communications between the malicious tool and victims. In addition, over 1 300 domains seized by or transferred to Microsoft, including 300 domains actioned by law enforcement with the support of Europol, will be redirected to Microsoft sinkholes.

The Head of Europol’s European Cybercrime Centre, Edvardas Šileris, said: “This operation is a clear example of how public-private partnerships are transforming the fight against cybercrime. By combining Europol’s coordination capabilities with Microsoft’s technical insights, a vast criminal infrastructure has been disrupted. Cybercriminals thrive on fragmentation – but together, we are stronger.”

Lumma Stealer takedown: Microsoft leads a global action against a tool favoured by cybercriminals

Microsoft’s Digital Crimes Unit (DCU), in collaboration with international partners, is taking on one of the main tools used to steal sensitive data on a massive scale, whether personal or professional, for cybercriminal purposes. On Tuesday 13 May, Microsoft’s DCU filed legal action against Lumma Stealer (“Lumma”), an information-stealing malware widely used by hundreds of cyber threat actors. Lumma steals passwords, credit cards, bank accounts and cryptocurrency wallets. This tool has enabled criminals to lock down schools in order to collect a ransom, empty bank accounts and disrupt essential services.

Through a court order issued by the federal court for the Northern District of Georgia, Microsoft’s Digital Crimes Unit (DCU) seized and took offline approximately 2 300 malicious domains that formed the core infrastructure of Lumma. In parallel, the US Department of Justice (DOJ) dismantled the malware’s main command structure and disrupted the marketplaces where the tool was sold to other cybercriminals. Europol, through its European Cybercrime Centre (EC3), and Japan’s Cybercrime Control Center (JC3) contributed to the suspension of Lumma’s local infrastructure.

Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE

Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems.
Three security issues, two of them critical, were publicly disclosed by researchers at the vulnerability management firm ProjectDiscovery after reporting them to the vendor and receiving no confirmation of the bugs being addressed.

Versa Concerto is the centralized management and orchestration platform for Versa Networks' SD-WAN and SASE (Secure Access Service Edge) solutions.