Brazilian LofyGang Returns with LofyStealer Campaign Targeting Minecraft Players

The Brazilian cybercrime group LofyGang has reemerged after more than three years with a new campaign targeting Minecraft players using a malware called LofyStealer, also known as GrabBot. The malware is disguised as a Minecraft hack called 'Slinky,' using the official game icon to encourage victims to run it voluntarily.

What happened

Security researchers at the Brazil-based company ZenoX identified that LofyGang, a Brazilian cybercrime group, has resumed activity with a campaign aimed at Minecraft players. The group is distributing a new stealer malware named LofyStealer, also known as GrabBot. The malware masquerades as a Minecraft hack called 'Slinky' and uses the official Minecraft game icon to deceive users into executing it themselves.

Why it matters

This campaign is notable because it marks the return of LofyGang after an absence of over three years. By targeting Minecraft players, the attackers are exploiting a popular gaming community, potentially putting a wide user base at risk. The use of a legitimate-looking game icon and a plausible game-hack disguise increases the likelihood of successful infection through social engineering.

What security teams should do

Security teams should alert their user communities, specifically those in gaming environments, about the risks of downloading and running unauthorized Minecraft hacks or tools. Monitoring for the presence of LofyStealer indicators in user environments and reviewing security controls around game-related application executions can help mitigate risk. Users should be advised to obtain Minecraft-related software exclusively from official sources.

Key technical details

According to ZenoX, LofyStealer is distributed as an executable masquerading as a Minecraft hack named 'Slinky.' The malware uses the official Minecraft game icon to encourage users to voluntarily execute the file, capitalizing on the trust and familiarity of the iconography. Detailed behavior, infection vectors, and capabilities of LofyStealer were outlined in ZenoX’s technical report but are not fully disclosed here.

Affected organizations/products

The campaign specifically targets Minecraft players, leveraging the popularity of the game and its community. The malware impersonates legitimate game-related software, suggesting a focus on users within the Minecraft ecosystem.

Source attribution

https://thehackernews.com/2026/04/brazilian-lofygang-resurfaces-after.html

Written by Thirumala Rao Padilam