After three years dormant the Brazilian cybercrime group has relaunched attacks on young players by packaging LofyStealer as a cracked Minecraft cheat that uses the official game icon to build trust before stealing browser passwords credit cards and account tokens.
Minecraft players searching for an edge in game are being hit with a sophisticated new malware campaign. On April 28 The Hacker News reported that the Brazilian group known as LofyGang has returned after more than three years with LofyStealer a stealer specifically aimed at the gaming audience.
Disguised to Exploit Trust
The malware presents itself as Slinky a supposed Minecraft hack. It adopts the official Minecraft game icon to appear legitimate and lower the guard of younger users who frequent cheat forums and unofficial download sites. Once run it triggers a loader that installs the stealer without leaving obvious traces on the system.
What Data Is Being Stolen
- Browser cookies passwords and authentication tokens
- Credit card details and International Bank Account Numbers
- Data from Chrome Edge Brave Opera Firefox and other popular browsers
- Information exfiltrated to a command server at 24.152.36.241
Minecraft has been a LofyGang target since 2022. They leaked thousands of Minecraft accounts under the DyPolarLofy alias on Cracked.io. The current campaign goes after Minecraft players directly through a fake Slinky hack.
Acassio Silva co founder of Brazil based ZenoX noted that the group has shifted to a malware as a service model with both free and paid versions available. The current version runs entirely in memory making traditional antivirus detection more difficult. LofyGang previously relied on supply chain attacks in JavaScript packages before going quiet.
Why This Matters Now
The timing aligns with a constant stream of new Minecraft players and an active scene built around mods hacks and custom servers. Many in the community download tools from unverified places especially younger users drawn to cheat clients that promise unfair advantages. This campaign revives old risks and highlights the need for caution when installing anything outside the official Minecraft Launcher.
While no widespread breaches tied to this specific wave have been publicly detailed yet the report serves as an immediate warning. Players are urged to stick to verified sources avoid cracked software and monitor accounts for suspicious activity. The underground nature of these tools means the true scale may only become clear in the coming weeks.
