Azure Firewall Premium has included protections against Lumma Stealer since 2022, with over 2,700 intrusion detection and prevention (IDPS) signatures specifically designed to identify and block Lumma-related activity. Backed by Microsoft’s global threat intelligence, our firewall telemetry confirms that Azure Firewall is actively intercepting and preventing thousands of Lumma-related attacks targeting Windows systems around the world.
With Azure Firewall, organizations benefit from continuous protection against emerging threats—powered by real-time updates and insights from one of the world’s largest security networks.
About Lumma Stealer
Lumma Stealer is a sophisticated, widely used information-stealing malware designed to harvest sensitive data such as login credentials, financial details, and cryptocurrency wallets. Initially appearing in Russian cybercrime forums around 2022, its popularity surged due to its effectiveness, particularly as other infostealers like Redline declined. In 2025 alone, it compromised over 394,000 Windows computers globally, significantly impacting both individuals and organizations by facilitating large-scale data theft and financial fraud.
In response, the Microsoft cybersecurity team spearheaded a coordinated international operation involving legal actions and infrastructure disruptions, successfully seizing about 2,300 domains tied to Lumma Stealer. More information on our actions is published in a detailed threat intelligence blog post.
Azure Firewall Premium response to threats
Azure Firewall Premium supports automated updates of the latest, accurate rulesets for detecting and blocking advanced and emerging threats. Updated daily, Azure Firewall covers more than 40 different categories of malware command and control, credential phishing, DDoS, botnets, network anomalies, exploits, vulnerabilities, SCADA exploit kit activity, and much more.
Azure Firewall supports over 72,000 rules, with 30 to 50+ new rules released each day. Customers can review the signatures in the portal. Despite the dynamic nature of the signatures, Azure Firewall defense is both accurate and low on false positives, with fewer than 5 false positives reported by customers since launch.
Lumma mitigations
The Azure Firewall Lumma malware signature is covered under the active signature set. Since its detection back in 2023, Azure Firewall has been updating its active signature set. We now have more than 2,700 Lumma signatures associated with various domains.
Screenshot: active Lumma signatures released in 2023.
Screenshot: active Lumma signatures released recently, in May 2025.
Fleet telemetry
Azure Firewall fleet monitoring has detected hundreds of instances of Lumma Stealer attempts successfully blocked by the firewall. The telemetry below confirms the effectiveness of our layered defense strategy and reinforces the strength of our offering.
Screenshot shows the IDPS hits for Lumma malware over the past 90 days.
Azure Firewall Premium has proven to be a robust and effective defense mechanism against the Lumma Stealer malware. With its extensive rule set and proactive updates, Azure Firewall Premium has successfully blocked thousands of Lumma Stealer attempts, safeguarding Windows systems globally.
The coordinated efforts of the Microsoft cybersecurity team and the continuous enhancements to Azure Firewall Premium capabilities underscore our commitment to providing top-tier security solutions. As cyber threats evolve, Azure Firewall Premium remains a critical component in our defense strategy, ensuring the protection of sensitive data and maintaining the integrity of our digital infrastructure. As a best practice, we recommend deploying Azure Firewall Premium to boost your network security and secure your Azure digital infrastructure.