Lumma meets LolzTeam
ID: 72de08b5-22c5-5bf5-97a3-3b7f4b956e4d
STIX ID: report--72de08b5-22c5-5bf5-97a3-3b7f4b956e4d
Feed Name: IntelInsights (Substack)
Despite a coordinated May 21 takedown by the FBI, Microsoft, and partners, the report shows the Lumma infostealer ecosystem remains active, with functioning Telegram sales/support channels, an operational logs marketplace showing post-takedown infections (~10.6K), continued development, and published pricing tiers. It links the operation to broader cybercrime markets (Lolzteam, additional Telegram channels), details crypto deposit addresses used for monetization, and notes associations with other malicious activity, underscoring the resilience and redundancy of this criminal enterprise.
