Defending networks from malware, together with Lumma Stealer, with Azure Firewall Premium

Azure Firewall Premium has included protections towards Lumma Stealer since 2022, with over 2,700 intrusion detection and prevention (IDPS) signatures particularly designed to determine and block Lumma-related activity. Backed by Microsoft’s world menace intelligence, our firewall telemetry confirms that Azure Firewall is actively intercepting and stopping hundreds of Lumma-related assaults concentrating on Windows methods all over the world.

With Azure Firewall, organizations profit from steady safety towards rising threats, powered by real-time updates and insights from one of many world’s largest security networks.

About Lumma Stealer

Lumma Stealer is a classy, extensively used information-stealing malware designed to reap delicate knowledge, equivalent to login credentials, financial particulars, and cryptocurrency wallets. Initially showing in Russian cybercrime boards round 2022, its recognition surged because of its effectiveness, notably as different infostealers like Redline declined. In 2025 alone, it compromised over 394,000 Windows computer systems globally, considerably impacting individuals and organizations by facilitating large-scale data theft and monetary fraud.

In response, the Microsoft cybersecurity crew spearheaded a coordinated worldwide operation involving authorized actions and infrastructure disruptions, efficiently seizing about 2,300 domains tied to Lumma Stealer. Extra info on our actions is revealed in a detailed menace intelligence weblog.

Azure Firewall Premium responds to threats

Azure Firewall Premium helps automate the replacement of the newest and correct rule sets for detecting and blocking superior and rising threats. Up to date every day, Azure Firewall covers greater than 40 different classes of malware, command and management, credential phishing, DDoS, botnets, community anomalies, exploits, vulnerabilities, SCADA exploit equipment exercise, and way more.

Azure Firewall helps over 72,000 guidelines, with 30 to 50+ new guidelines launched every day. Clients have visibility through the portal to assess the signature. Regardless of the dynamic nature of the signatures, Azure Firewall protection is correct and low on false positives, with fewer than 5 false positives reported by prospects since launch.

Lumma mitigations

The Azure Firewall Lumma malware signature is included underneath the energetic signature set. Since its detection again in 2023, Azure Firewall has been updating its energetic signature set. We now have more than 2700+ Lumma signatures related to numerous domains.

The above screenshot exhibiting energetic Lumma signatures was launched in 2023

The above screenshot exhibiting energetic Lumma signatures was launched just lately, in May 2025

Fleet telemetry

Azure Firewall fleet monitoring has detected a whole lot of cases of Lumma Stealer makes an attempt efficiently blocked by the firewall. The telemetry under confirms the effectiveness of our layered protection technique and reinforces the power of our providing.

Screenshot exhibits the IDPS hits for Lumma malware over the previous 90 days.

Conclusion

Azure Firewall Premium has been confirmed to be a strong and efficient protection mechanism against the Lumma Stealer malware. With its intensive rule set and proactive updates, Azure Firewall Premium has efficiently blocked hundreds of Lumma Stealer attempts, safeguarding Windows systems globally.

The coordinated efforts of the Microsoft cybersecurity crew and the continual enhancements to Azure Firewall Premium capabilities underscore our dedication to offering top-tier safety options. As cyber threats evolve, Azure Firewall Premium remains an essential part in our protection technique, guaranteeing the safety of delicate knowledge and sustaining the integrity of our digital infrastructure. As a best apply, we suggest deploying Azure Firewall Premium to enhance your community safety to safe of your Azure digital infrastructures.