New Zealand’s National Cyber Security Centre is contacting about 26,000 people after identifying possible infections of a data-stealing malware strain known as Lumma Stealer.
The centre is part of the Government Communications Security Bureau. It is sending warning emails to affected addresses across the country.
The agency says the malware mainly targets devices that run Microsoft Windows. It says the software steals information such as email addresses and passwords from infected machines.
The campaign marks an unusually broad public alert by the national cyber agency. It covers individuals whose details were linked to suspected infections.
Recipients are being directed to the centre’s Own Your Online website. The site contains advice on removing the malware and on wider security steps for online accounts.
The agency says Lumma Stealer can also download additional malicious software onto a device. That can increase the risk of fraud and identity theft.
The alert follows information from security partners in New Zealand and overseas. Those partners detected the activity and passed details to the centre.
The centre then worked with other government departments and financial institutions. Those organisations contacted some affected users directly before the wider email campaign.
Michael Jagusch is Chief Operating Officer at the National Cyber Security Centre. He said the operation reflects a growing risk from information-stealing malware.
“We were alerted to the issue through our cyber security partnerships and have worked with New Zealand government agencies and financial institutions to contact some of the affected users.
“However, there is a large group of users we are now contacting directly.
“This is the first time that we have conducted such a large-scale public outreach, and we want to assure recipients that the email from the NCSC is legitimate,” said Jagusch.
The centre says it is an ongoing international issue. It says cyber criminals around the world are using Lumma Stealer and similar tools.
Information-stealing malware typically runs quietly in the background. It collects data from web browsers, email clients, and other applications that store credentials.
The agency says Lumma Stealer is designed to avoid notice on infected systems. Many users may not see obvious changes on their devices.
People may instead notice signs in their online accounts. These can include unexpected login alerts, locked accounts, or settings that change without their knowledge.
Unfamiliar financial transactions are another warning sign. So is an increase in spam calls, emails, or messages.
The centre is urging people who receive its notification email to follow the removal steps on Own Your Online. It says users should also review their account security settings and update passwords.
The agency says people who did not receive an email can still check their devices. It recommends that all users update their antivirus or antimalware software and run a full system scan.
The emails from the centre use the sender address no-reply@comms.ncsc.govt.nz. The agency says anyone with doubts should confirm the address before clicking links.
It says people who need extra help can seek assistance from a support provider. Guidance on choosing a provider is also available on the Own Your Online site.
The outreach focuses on everyday internet users and small and medium-sized organisations. Own Your Online is designed as a central resource for this audience.
The platform carries step-by-step guides, checklists, and incident response advice. It also hosts alerts about new or active threats that affect New Zealanders.
The National Cyber Security Centre says its role includes sharing information on serious digital threats. It also works with key players in essential services to strengthen baseline defences.
The centre says it expects more activity by groups that use information-stealing malware. It plans further updates through its website and public channels as new data emerges.