Sign in Subscribe
Crime

US Justice Department Seizes Domains Linked to LummaC2 Malware in Global Cybercrime Crackdown

BitcoinProtocol.org

1 min read
US Justice Department Seizes Domains Linked to LummaC2 Malware in Global Cybercrime Crackdown

The U.S. Justice Department has taken decisive action against a major cybercrime tool, announcing the seizure of five internet domains connected to LummaC2, a notorious malware used to steal sensitive information from millions of victims worldwide. The operation, revealed on Wednesday, targets a sophisticated malware that has facilitated crimes such as fraudulent bank transfers and cryptocurrency theft.

The Justice Department detailed that LummaC2 malware has been a significant threat, infiltrating computer networks to extract browser data, autofill information, login credentials for banking services, and cryptocurrency wallet seed phrases. The FBI has identified at least 1.7 million instances of information theft linked to this malware, highlighting its widespread impact. By targeting critical infrastructure sectors in the U.S., LummaC2 has posed a direct risk to both individuals and organizations, making its disruption a priority for authorities.

Stay In The Loop and Never Miss Important Crypto News

Sign up and be the first to know when we publish

Swift Action and International Collaboration

The operation began with the seizure of two domains on May 19, 2025, which were used by LummaC2 administrators to distribute the malware. In response, the operators quickly launched three new domains on May 20, but the Justice Department, working with the FBI, moved rapidly to seize these as well on May 21. Visitors to these domains now encounter a Justice Department notice confirming the seizures, effectively halting their malicious activities.

The crackdown was a collaborative effort, involving not only the Justice Department and FBI but also Europol, Japan’s Cybercrime Control Center, and Microsoft. Matthew R. Galeotti, head of the Justice Department’s criminal division, emphasized the malware’s role in enabling a range of financial crimes, highlighting the importance of such operations. Microsoft further amplified the impact by pursuing a separate civil action to disrupt 2,300 additional domains allegedly tied to LummaC2 and its proxies, as announced in a company blog post.