The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued a joint advisory warning organizations about an ongoing threat involving the LummaC2 info-stealing malware, which has been actively targeting U.S. critical infrastructure sectors as recently as May 2025. First appearing on Russian-language cybercriminal forums in 2022, LummaC2 is typically delivered through spearphishing emails, malicious links, and fake software downloads. In some cases, users are tricked into executing the malware via deceptive CAPTCHA prompts that launch hidden PowerShell scripts.

Once deployed, LummaC2 can silently exfiltrate sensitive data, including personally identifiable information, financial credentials, cryptocurrency wallets, browser extensions, and multifactor authentication details. The malware is heavily obfuscated, allowing it to bypass many traditional security tools such as antivirus software and endpoint detection and response solutions. Technical analysis shows that LummaC2 uses encrypted communications with command-and-control (C2) servers and contains mechanisms to avoid running on systems associated with its developers, likely to evade detection during testing.

From April to June 2024, over 21,000 LummaC2 logs were found for sale on underground forums, a nearly 72% increase from the same period in 2023, indicating a sharp rise in its use by cybercriminals. CISA and the FBI strongly encourage organizations to implement the recommended mitigations, monitor for indicators of compromise, and review the full advisory.