Cyber agency warns thousands after major malware infection
The National Cyber Security Centre (NCSC) has alerted around 26,000 New Zealand email accounts after confirming that a dangerous malware called Lumma Stealer could have infected their devices. Officials say the software has potentially stolen passwords and login credentials including some tied to banking or government accounts.
The alert follows an international cyber-threat disclosure. According to the NCSC and its partners, compromised data triggered a wide-scale outreach this week the biggest of its kind the agency has run.
What is Lumma Stealer, and how it works
Lumma Stealer is a type of “info-stealer” malware targeting computers running Microsoft Windows. Once installed, it can harvest sensitive data: saved passwords, browser-stored credentials, cookies, and sometimes banking or crypto-wallet information.
The malware often spreads via phishing emails, fake downloads, or compromised websites masquerading as legitimate software. Victims may download or run software that looks harmless but ends up quietly downloading Lumma in the background.
Cybersecurity experts warn that many users may not realise they are infected until strange account activity or unauthorised access emerges.
Who is affected and what to do now
If you received a message from the NCSC alerting you to possible infection, treat it as legitimate and take action. The agency recommends:
- Run a full antivirus or malware scan on your Windows device.
- Immediately change passwords on all accounts you accessed from that device especially banking, email, or government linked services.
- Enable two-factor authentication (2FA) wherever possible to add an extra security layer.
- Avoid downloading software from unofficial sources or clicking on suspicious email links or attachments.
If you are unsure how to proceed, contacting a trusted IT specialist could help ensure the malware and any leftover threats are properly removed.
Why this matters to Kiwis now
This alert highlights a growing challenge for New Zealanders navigating an increasingly digital world. With many essential tasks banking, bills, government services, and personal communication occurring online, a single breach can cause cascading problems.
For households, small businesses, and individuals, vigilance is critical. Taking prompt action can mean the difference between a minor inconvenience and serious risk.
If you rely on a Windows computer for everyday tasks, now is a good time to review your online security, double check recent account activity, and stay updated on nationwide cyber alerts.
More developments are expected in the coming days, and Find NZ will continue tracking the story with timely local coverage.
