“, while also contributing to an underground hacking community under the alias dypolarlofy to leak thousands of Disney+ and Minecraft accounts. "Minecraft has been a LofyGang target since 2022," Acassio Silva, co-founder and head of threat intelligence at ZenoX, told the hack…”
T1566.002 Spearphishing Link
93%
“security alerts posted through discussions to trick users into installing malware by clicking on a link. "Because GitHub Discussions trigger email notifications for participants and watchers, these posts are also delivered directly to developers' inboxes," Socket said. "This …”
T1195.001 Compromise Software Dependencies and Development Tools
90%
“cards, and international bank account numbers (IBANs), is exfiltrated to a command-and-control (C2) server located at 24.152.36[.]241. "Historically, the group's primary vector was the JavaScript supply chain: npm package typosquatting, starjacking (fraudulent r…”
T1219 Remote Access Tools
64%
“…ps downloader, which then initiates a multi-stage infection chain to establish persistent remote access using SSH reverse tunnels and RATs like MINEBRIDGE RAT (aka TeviRat). The activity has been attributed to Rift Brigantine (aka FIN11, Graceful Spider, and TA505). - usi…”
T1195.001 Compromise Software Dependencies and Development Tools
59%
“Brazilian LofyGang resurfaces after three years with Minecraft LofyStealer campaign. A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). " …”
T1567.001 Exfiltration to Code Repository
50%
“cards, and international bank account numbers (IBANs), is exfiltrated to a command-and-control (C2) server located at 24.152.36[.]241. "Historically, the group's primary vector was the JavaScript supply chain: npm package typosquatting, starjacking (fraudulent r…”
T1204.002 Malicious File
43%
“…ware. The disclosure comes as threat actors are increasingly abusing the ubiquity and trust associated with GitHub to host bogus repositories that act as lures for malware families like SmartLoader, StealC Stealer, and Vidar Stealer. Unsuspecting users are directed to these rep…”
Summary
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot).
"The malware disguises itself as a Minecraft hack called 'Slinky,'" Brazil-based cybersecurity company ZenoX said in a technical report. "It uses the official game icon to induce voluntary execution,