VulnHub

Real-time Cybersecurity News

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

The Hacker News
Actively Exploited
ExploitMalware

Overview

A Brazilian cybercrime group known as LofyGang has returned after a three-year hiatus, launching a campaign targeting Minecraft players through a malware called LofyStealer, also referred to as GrabBot. This malicious software is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to trick users into executing it. Once installed, LofyStealer can steal sensitive information from the victim's device. This resurgence is concerning for the gaming community, as it shows that cybercriminals are still active and adapting their tactics to exploit popular platforms. Players need to be cautious about downloading third-party software, especially those that claim to enhance game performance or functionality.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Minecraft players, specifically those who may download unauthorized hacks or mods
  • Action Required: Avoid downloading unauthorized hacks or mods, and ensure your device has updated antivirus software.
  • Timeline: Newly disclosed

Original Article Summary

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). "The malware disguises itself as a Minecraft hack called 'Slinky,'" Brazil-based cybersecurity company ZenoX said in a technical report. "It uses the official game icon to induce voluntary execution,

Impact

Minecraft players, specifically those who may download unauthorized hacks or mods

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Avoid downloading unauthorized hacks or mods, and ensure your device has updated antivirus software.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Exploit, Malware.

Read Original Article

Related Coverage

A DOD contractor’s API flaw exposed military course data and service member records

CyberScoop

Researchers discovered a significant flaw in the API of Schemata, a contractor for the Department of Defense, which exposed sensitive information related to military courses and service members. This breach included personal details such as names, email addresses, base assignments, and course materials before Schemata implemented a fix and informed government officials. The exposure raises serious concerns about the security of military data and the potential risks to service members' privacy. Such incidents highlight the need for stringent security measures among contractors handling sensitive government information. The incident serves as a reminder of the vulnerabilities that can exist in systems that support military operations.

May 6, 2026

Roku sued for allegedly bricking TVs - see which models are affected, and your best alternatives

Latest news

Roku is facing a lawsuit after numerous users reported that their Roku TVs have become unusable, either getting stuck in boot loops or displaying black screens. This issue affects several models, leading to frustration among customers who rely on these devices for streaming. Users have taken to social media and forums to express their dissatisfaction, prompting legal action against the company. The situation raises concerns about the reliability of Roku devices and the potential need for better customer support and product durability. As these issues continue, affected users are encouraged to seek alternatives while the lawsuit unfolds.

May 6, 2026

DAEMON Tools installers compromised in new supply chain attack

SCM feed for Latest

Recently, a supply chain attack targeted DAEMON Tools, a popular disk imaging software. Attackers compromised three key components: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. This tampering can potentially allow malicious activities on systems that install these altered files. Users of DAEMON Tools are at risk, especially if they download the software from unverified sources. It's crucial for users to ensure they are using legitimate versions and to stay updated on any security advisories regarding the software.

May 6, 2026

DHS mobile device security falls short of standards, inspector general report finds

SCM feed for Latest

A recent report from the Department of Homeland Security's inspector general reveals significant security issues with mobile applications used by the agency's intelligence office. Out of 650 apps assessed, over 75% were found to either pose security risks or were banned altogether. This raises serious concerns about the data protection measures in place for mobile devices that handle sensitive information. The presence of these risky apps could potentially expose critical national security data to unauthorized access or cyberattacks. The findings suggest a need for immediate review and improvement of mobile device security protocols within the DHS.

May 6, 2026

FTC bans Kochava from selling location data without consent

SCM feed for Latest

The Federal Trade Commission (FTC) has banned Kochava, a data broker, from selling geolocation data without user consent. The FTC's complaint revealed that Kochava collected and sold location data from hundreds of millions of mobile devices, allowing clients to monitor users' movements to sensitive locations like health clinics and places of worship. This practice raised significant privacy concerns, as it involved tracking individuals without their knowledge or approval. The ruling emphasizes the need for stronger protections around personal data and could set a precedent for how data brokers handle user information in the future. Consumers are increasingly wary of how their data is used, and this decision reflects a growing push for accountability in the industry.

May 6, 2026

Why ransomware attacks succeed even when backups exist

BleepingComputer

Ransomware attacks are increasingly successful even when organizations have backups, primarily because attackers often target and destroy these backups before encrypting the main data. Acronis explains that this tactic leaves victims with little to no options for recovery, as the backups become unusable. This highlights a significant vulnerability in many organizations' cybersecurity strategies, as they may rely too heavily on backups without considering their protection. Companies need to bolster their defenses by securing backup systems and implementing strategies that can withstand ransomware attacks, ensuring they have a path to recovery even if their primary data is compromised.

May 6, 2026