LofyStealer Malware Targets Minecraft Players with Node.js Loader

Severity: High (Score: 66.5)

Sources: Gbhackers, Cybersecuritynews

Summary

A new infostealer malware named LofyStealer is targeting Minecraft players by masquerading as a cheat tool called 'Slinky.' This malware, linked to the Brazilian cybercrime group LofyGang, employs a Node.js-based loader and an in-memory C++ payload to conduct a two-stage attack. It stealthily extracts sensitive data from popular web browsers and sends it to a command-and-control (C2) server. The campaign is sophisticated, evading detection by standard security software. Victims are primarily gamers who unknowingly download the malicious tool. The attack's scope is concerning, given the popularity of Minecraft and the potential for widespread data theft. Currently, the malware is active and poses a significant risk to affected users.

Key Points

  • LofyStealer is disguised as a cheat tool named 'Slinky' targeting Minecraft players.
  • The malware uses a Node.js loader and an in-memory C++ payload for data theft.
  • It is linked to the Brazilian cybercrime group LofyGang, indicating organized cybercrime involvement.

Key Entities

  • Malware (attack_type)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • GrabBot (malware)
  • LofyStealer (malware)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1055 - Process Injection (mitre_attack)
  • T1555.003 - Credentials From Web Browsers (mitre_attack)
  • Node.js (tool)
  • Node.js Loader (tool)