Date: 2025-10-21

Activity of the Lumma information-stealing malware, also known as LummaC2, has sharply declined amid an underground doxing campaign that last month exposed the five alleged primary members of the operation, which is also tracked as Storm-2477 and Water Kurita, according to SecurityWeek.

Purported Lumma Stealer operation members, including its administrator and developer, had their email addresses, bank account details, passport numbers, and online profile links exposed on the Lumma Rats website as part of the campaign, which is believed to have been conducted by an actor with insider access, a report from Trend Micro showed.

"It is important to note that the accuracy of the doxed information and the actual involvement of the named individuals have not been independently verified. The campaign may also be motivated by personal or competitive grudges, and attribution should be treated with caution," said Trend Micro.

While Lumma infostealer usage dwindled after its operators failed to communicate with customers following the incident, threat actors have since transitioned to the StealC and Vidar infostealers.