Brazilian Cybercrime Group LofyGang Resurfaces with New Minecraft-Targeted Malware

AI-generated from multiple sources. Verify before acting on this reporting.

SAO PAULO — The Brazilian cybercrime group LofyGang has re-emerged after a three-year hiatus, launching a new campaign that targets Minecraft players with data-stealing malware disguised as a game hack.

The group, previously known for similar operations, released the new tool, dubbed LofyStealer, on April 28. The malware is packaged within a program called 'Slinky,' which is marketed to users as an unauthorized modification or cheat for the popular sandbox video game Minecraft. Security researchers identified the campaign on Monday, noting the group's return to active operations.

LofyStealer is designed to exfiltrate sensitive information from compromised devices. Once executed, the malware scans the host system for web browser cookies, saved passwords, authentication tokens, and cryptocurrency wallet data. The tool also targets financial information, specifically harvesting credit card details and International Bank Account Numbers (IBANs) stored on the victim's machine.

The attack vector relies on social engineering, exploiting the desire of gamers to gain advantages within the Minecraft community. Users who download the 'Slinky' hack inadvertently install the malicious software, granting the attackers access to their digital credentials. The group has historically operated out of Brazil, leveraging local networks to distribute malware and monetize stolen data.

This marks the first significant activity from LofyGang since 2023. The group's previous campaigns utilized similar tactics, distributing malware through fake game cheats and software cracks. The return of the group suggests a renewed focus on the gaming sector, where younger demographics often lack robust cybersecurity measures.

Cybersecurity experts warn that the 'Slinky' malware poses a significant risk to both personal and financial data. Unlike ransomware, which locks users out of their systems, LofyStealer operates silently in the background, stealing data without the user's immediate knowledge. The stolen credentials can be used for identity theft, unauthorized financial transactions, or further infiltration of corporate networks if the compromised device is linked to work environments.

No specific number of victims has been confirmed, and the full extent of the data exfiltration remains unknown. Law enforcement agencies in Brazil have not yet commented on the resurgence of the group. The distribution of the malware appears to be ongoing, with copies of the 'Slinky' program still circulating on various file-sharing sites and gaming forums.

The incident highlights the persistent threat posed by cybercriminal groups targeting the gaming community. As the group continues to operate, questions remain regarding the scale of the operation and whether LofyGang has expanded its capabilities beyond data theft. Authorities are monitoring the situation, but no arrests or takedowns have been announced as of Monday evening.