LofyGang Resurfaces, Targets Minecraft Players with LofyStealer Malware

The Brazilian cybercrime group LofyGang has re-emerged after a three-year hiatus, launching a new campaign aimed at Minecraft players. According to The Hacker News, the group is deploying a novel information stealer dubbed LofyStealer (also known as GrabBot). This malware is meticulously disguised as a Minecraft hack called ‘Slinky,’ leveraging the official game icon to trick users into executing it voluntarily.

This isn’t just a simple game hack; it’s a sophisticated play for credentials and sensitive data. The Hacker News reports that LofyStealer focuses on exfiltrating credentials, potentially from gaming accounts, social media, and other services linked to the compromised device. The re-emergence of LofyGang underscores a persistent threat where attackers exploit popular platforms and user trust to achieve their objectives.

Attackers consistently target widely used platforms, especially those with younger user bases who might be less security-aware. The attacker's calculus here is clear: high volume, low friction. Disguising malware as a game utility is a classic social engineering tactic that continues to yield results. Defenders, particularly parents and IT professionals in educational settings, need to recognize that gaming platforms are not immune to serious threats.

What This Means For You

  • If you or your organization uses Minecraft, or if your network includes devices used for gaming, you need to be acutely aware of this threat. Educate users about the dangers of downloading unofficial game modifications or 'hacks.' Implement application whitelisting where possible, and ensure endpoint detection and response (EDR) solutions are actively monitoring for suspicious processes, especially those mimicking legitimate applications like Minecraft.

Indicators of Compromise

ID | Type | Indicator
LofyGang-LofyStealer | Information Disclosure | Malware: LofyStealer (aka GrabBot)
LofyGang-LofyStealer | Information Disclosure | Targeted Software: Minecraft
LofyGang-LofyStealer | Information Disclosure | Malware Disguise: 'Slinky' Minecraft hack