A cybercrime group originating from Brazil has resurfaced after more than three years of inactivity to launch a campaign targeting players of the popular video game Minecraft. The group, known as LofyGang, is deploying a new information-stealing malware called LofyStealer, also identified as GrabBot.<\/p>\n
According to a technical report from Brazil-based cybersecurity firm ZenoX, the malware is disguised as a cheat modification for the game named \u201cSlinky.\u201d The attackers are using the official Minecraft game icon to make the malicious file appear legitimate, tricking users into willingly executing the software on their machines.<\/p>\n
ZenoX researchers reported that LofyStealer is designed to extract sensitive data from infected systems. Once executed, the malware targets web browsers, cryptocurrency wallets, and gaming credentials. It specifically seeks login information, session cookies, and financial data stored on the victim\u2019s device.<\/p>\n
The malicious file is typically distributed through file-sharing platforms, third-party modding websites, or social media channels frequented by the Minecraft community. The use of the \u201cSlinky\u201d branding and the official game icon lowers the suspicion of potential victims, who often download such files seeking game enhancements or cheats.<\/p>\n
LofyGang was first documented by cybersecurity researchers in 2020, when it was primarily known for targeting Brazilian users with banking trojans and credential stealers. The group largely withdrew from public view in late 2021, leading some analysts to believe it had disbanded or moved to other ventures.<\/p>\n
\u201cThe reappearance of LofyGang with a focus on a global gaming audience marks a significant shift in their operational strategy,\u201d ZenoX noted in its report. The group appears to have expanded its targeting scope beyond Brazil to include English-speaking players worldwide.<\/p>\n
The campaign targets Minecraft players because the game attracts a large user base of young and technically unsophisticated individuals. These users are often more willing to download third-party software or modifications without verifying their authenticity.<\/p>\n
Cybersecurity experts warn that gamers represent an increasingly attractive target for cybercriminals. Many players store valuable digital assets, including in-game currency, rare items, and linked payment methods, which can be monetized on black markets. Theft of account credentials can also lead to identity fraud or ransomware attacks if the compromised device contains other sensitive information.<\/p>\n
ZenoX emphasized that the malware does not require administrative privileges to run, making it easier to execute on standard user accounts. It also employs techniques to evade detection by antivirus software, including code obfuscation and delayed execution.<\/p>\n
Security researchers advise players to download game mods and add-ons only from official or well-known, verified sources. They recommend enabling two-factor authentication on gaming and cryptocurrency accounts to reduce the risk of credential theft.<\/p>\n
Users should also keep their operating systems and security software up to date. Running regular scans with reputable anti-malware programs can help detect and remove threats like LofyStealer before they cause significant damage.<\/p>\n
The researchers at ZenoX are continuing to monitor the LofyGang infrastructure. They anticipate that the group may expand its campaign to target players of other popular online games, using similar social engineering tactics and malware strains.<\/p>\n
Law enforcement and cybersecurity agencies in Brazil and other countries are likely to investigate the group\u2019s renewed activities. However, attribution and prosecution remain challenging due to the use of anonymizing services and infrastructure located across multiple jurisdictions.<\/p>\n
Source: ZenoX Security<\/p>\n","protected":false},"excerpt":{"rendered":"
A cybercrime group originating from Brazil has resurfaced after more than three years of inactivity to launch a campaign targeting players of the popular video game Minecraft. The group, known as LofyGang, is deploying a new information-stealing malware called LofyStealer, also identified as GrabBot. According to a technical report from Brazil-based cybersecurity firm ZenoX, the […]<\/p>\n","protected":false},"author":1,"featured_media":6336,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[505],"tags":[7409,7410,7407,7408,7406],"class_list":["post-6335","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cybercrime-brazil","tag-gaming-security","tag-lofygang","tag-lofystealer","tag-minecraft-malware"],"_links":{"self":[{"href":"https:\/\/delimiter.online\/blog\/wp-json\/wp\/v2\/posts\/6335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/delimiter.online\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/delimiter.online\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/delimiter.online\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/delimiter.online\/blog\/wp-json\/wp\/v2\/comments?post=6335"}],"version-history":[{"count":0,"href":"https:\/\/delimiter.online\/blog\/wp-json\/wp\/v2\/posts\/6335\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/delimiter.online\/blog\/wp-json\/wp\/v2\/media\/6336"}],"wp:attachment":[{"href":"https:\/\/delimiter.online\/blog\/wp-json\/wp\/v2\/media?parent=6335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/delimiter.online\/blog\/wp-json\/wp\/v2\/categories?post=6335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/delimiter.online\/blog\/wp-json\/wp\/v2\/tags?post=6335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}