A cybercrime group known as LofyGang has resurfaced with a new malware campaign targeting Minecraft players using a fake hack tool to distribute data-stealing malware.
**Overview**
A Brazilian-origin cybercrime group, LofyGang, has re-emerged after several years of inactivity, launching a new campaign aimed at Minecraft players. The attackers are distributing stealer malware disguised as a game modification tool, tricking users into installing it voluntarily.
**Attack Method**
The campaign relies on a fake Minecraft hack tool presented as a legitimate enhancement. Once executed, it triggers a hidden process that deploys the malware directly into system memory, making detection more difficult.
**Malware Capabilities**
The stealer, known as LofyStealer, is capable of extracting sensitive information from infected systems. This includes browser-stored credentials, session cookies, authentication tokens, and even financial data. The malware targets multiple popular browsers and silently sends collected data to a remote command-and-control server.
**Group Background**
LofyGang has been active since around 2021 and previously focused on supply chain attacks, including malicious packages distributed through developer platforms. The group has also been linked to leaking gaming and streaming accounts and operating under various aliases in underground communities.
**Shift in Strategy**
Unlike earlier campaigns that targeted developers, this new operation focuses directly on end users, particularly gamers. The group appears to be adopting a malware-as-a-service model, offering tools with both free and paid versions.
**Broader Threat Landscape**
This campaign highlights a growing trend where attackers abuse trusted platforms and popular communities to spread malware. Fake repositories, game cheats, and software tools are increasingly used as bait to compromise unsuspecting users.
**Security Advice**
Users are strongly advised to avoid downloading unofficial game modifications or tools from unverified sources. Even platforms that appear trustworthy can host malicious content. Always verify sources and use updated security software to reduce risk.