👤 LOGICFALCON
🗓️ 28 Apr 2026   🌍 South America

Minecraft Mayhem: Brazilian LofyGang Returns, Targeting Gamers with Slick New LofyStealer Malware

After years underground, notorious hackers are back, weaponizing trusted gaming mods to pilfer sensitive data from unsuspecting Minecraft players.

It started with a promise: a powerful new Minecraft “hack” called Slinky, shared across Discord servers and YouTube channels. But for thousands of eager gamers, that shortcut to victory became the gateway to disaster. The infamous Brazilian LofyGang, silent since 2021, has reemerged with a campaign that weaponizes the world’s most popular sandbox game - and the trust of its youthful community.

LofyGang’s latest campaign is a masterclass in psychological manipulation. By disguising their malware as a sought-after Minecraft cheat, they exploit the trust and curiosity of young gamers, luring them into voluntarily executing the malicious “Slinky” tool. Once the tool is launched, a JavaScript loader stealthily deploys LofyStealer - known internally as “chromelevator.exe” - directly into memory on the victim’s machine. There’s no visible trace, but the effects are devastating: credentials, cookies, credit card numbers, and even International Bank Account Numbers are harvested from browsers like Chrome, Edge, Firefox, and more.

The stolen data is exfiltrated to a remote command-and-control server, placing victims’ digital lives - and sometimes their finances - in the hands of cybercriminals. LofyGang’s evolution is notable: previously, they relied heavily on tampered npm packages and GitHub “starjacking” (faking credibility through misleading repository references) to compromise developers. Today, their attacks are broader, targeting not just coders but unsuspecting gamers, with malware distributed via SEO-poisoned links, fake GitHub repositories, and even Reddit threads advertising cheats for other popular games like Counter-Strike 2.

Security experts warn that the group’s shift to a malware-as-a-service model marks a dangerous new phase. By offering both free and premium versions of their tools - and distributing “builder” kits like Slinky Cracked - they lower the barrier for would-be cybercriminals to launch similar attacks. Meanwhile, trusted platforms like GitHub, Discord, and even email notifications are being weaponized to reach a wider audience, bypassing traditional security filters and exploiting the very channels users rely on for legitimate downloads and updates.

The LofyGang saga is only the latest example of a wider trend: cybercriminals exploiting the social trust and ubiquity of open platforms to spread malware at scale. From phony Visual Studio Code alerts to counterfeit AI tools and VPN crackers, the lure factory is in overdrive - targeting everyone from hobbyist gamers to enterprise developers. As these schemes grow more sophisticated, the line between safe and suspicious downloads grows ever thinner.

For Minecraft fans and digital denizens alike, the message is clear: vigilance is no longer optional. In an era where even a beloved game mod can spell disaster, the only cheat code that matters is skepticism - because in the hands of LofyGang, trust is the ultimate vulnerability.

WIKICROOK

  • Malware: Malware is malicious software designed to infiltrate, damage, or steal data from computing devices without the user’s consent.
  • Typosquatting: Typosquatting is when attackers use lookalike names of trusted sites or software to trick users into visiting fake sites or downloading malware.
  • Command: A command is an instruction sent to a device or software, often by a C2 server, directing it to perform specific actions, sometimes for malicious purposes.
  • Starjacking: Starjacking is when attackers link malicious projects to popular GitHub repositories to appear credible and trick users into downloading harmful code.
  • SEO Poisoning: SEO Poisoning is when attackers manipulate search results to promote malicious websites, tricking users into visiting harmful or fraudulent pages.

LOGICFALCON
Log Intelligence Investigator