The method? It starts with something as familiar as a text.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory regarding LummaC2, a malware strain designed to steal sensitive data from victims' computer networks.

According to the advisory, the malware has been observed in action as recently as this month -- May 2025 -- with infections dating back to November 2023.

It poses a risk to critical infrastructure sectors and can exfiltrate private information once embedded in a system.

The advisory outlines known tactics and indicators used by attackers and urges organizations to review and implement the recommended mitigations to help reduce the likelihood of compromise.

For full technical details and protection tips, visit the advisory at ic3.gov.