cybercrime Archives

Tech Optimizer

May 10, 2026

‘People use smartphones more but invest less in their security’: New report claims McAfee and Norton remain the most loved antivirus brands as users ditch lesser-known security products for free tools like Microsoft Defender or Apple Xprotect

Recent findings indicate that only 18% of American smartphone users invest in third-party antivirus software, despite the increasing reliance on mobile devices. A survey of over 1,000 adults revealed a significant gap in mobile security awareness. The adoption of paid antivirus solutions on computers has increased by 2% to 41%, while the use of third-party antivirus on mobile devices has decreased by approximately 10%, from 28% to 18%. Although ransomware attacks on smartphones are less common, many users may underestimate modern cyber threats. A considerable number of mobile users remain unprotected or unsure about their device security measures.

AppWizard

April 30, 2026

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercriminal group known as LofyGang has re-emerged after three years, targeting Minecraft players with malware called LofyStealer, also known as GrabBot. This malware is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to attract young users. The group has been active since late 2021 and previously leaked thousands of Minecraft accounts. The attack begins with the 'Slinky' hack, which deploys LofyStealer (identified as "chromelevator.exe") to harvest sensitive information from web browsers, including cookies, passwords, and credit card information, sending this data to a command-and-control server. ZenoX reports a shift in LofyGang's tactics from JavaScript supply chain attacks to a malware-as-a-service model, offering both free and premium tiers. Cybercriminals are increasingly exploiting trusted platforms like GitHub to distribute malware through bogus repositories and various deceptive tactics, including fake security alerts and counterfeit accounts. This trend highlights a strategy focused on volume targeting rather than precision, prompting cybersecurity experts to prioritize threats from GitHub-hosted downloads that appear legitimate.

AppWizard

April 30, 2026

LofyStealer Targets Minecraft Players via Node.js Loader and Browser Injection

Minecraft players are being targeted by a deceptive hacking tool called “Slinky,” which is actually an infostealer known as LofyStealer linked to the Brazilian cybercrime group LofyGang. The malware uses a Node.js-based loader and a C++ payload to extract sensitive browser data, disguising itself as a Minecraft hack. It primarily targets younger players who may unknowingly execute it. The malware operates through a two-stage architecture, with a 53.5 MB loader binary that injects a smaller 1.4 MB payload into browser processes, bypassing detection methods. It collects sensitive information such as cookies, passwords, and credit card details, compressing and encoding the data for exfiltration. The command-and-control (C2) infrastructure is hosted in Brazil, and the malware's design reflects advanced compilation techniques. The campaign is attributed to LofyGang, which has evolved into a more professional entity, posing severe risks to players who download cheats and cracked tools. Indicators of compromise include a specific C2 IP address and associated endpoints.

AppWizard

April 30, 2026

LofyStealer Uses Node.js Loader Against Minecraft Gamers

Cybersecurity threat hunters have discovered an active infostealer campaign targeting the gaming community, involving malware called LofyStealer (or GrabBot) that disguises itself as a Minecraft hack named “Slinky.” The attackers use the official game icon to trick young gamers into executing the malware. The Brazilian cybercrime group LofyGang has enhanced its technical capabilities, utilizing a sophisticated two-stage modular architecture. The initial stage features a 53.5 MB loader file named load.exe, which is a Node.js runtime environment that obscures malicious signatures. The loader connects to the attacker’s server and decrypts a 1.4 MB C++ payload, chromelevator.exe, which targets eight web browsers to extract sensitive information like cookies and passwords. The stolen data is compressed, encrypted, and sent to the attacker’s server. LofyGang has evolved into a Malware-as-a-Service platform, offering a web panel for operators to monitor victims and generate custom executables. The campaign highlights the increasing threats to the gaming community, with advanced evasion techniques being employed by cybercriminals. Security professionals are advised to monitor network traffic and conduct audits for suspicious activities.

AppWizard

April 30, 2026

Minecraft Players Targeted by LofyStealer Using Node.js Loader and In-Memory Browser Injection

A new infostealer malware called LofyStealer is targeting the gaming community, particularly Minecraft players, by disguising itself as a cheat tool named “Slinky.” It employs a two-stage attack to extract sensitive information from eight major web browsers, including Chrome and Firefox, while evading detection by security software. The malware siphons off cookies, saved passwords, payment card information, and session tokens. Researchers at Zenox.ai identified LofyStealer, linking it to the Brazilian cybercrime group LofyGang, which has been active since October 2022. The malware uses social engineering tactics to appear legitimate and operates as a Malware-as-a-Service platform, offering both Free and Premium tiers to buyers. Its technical sophistication is evident in its method of in-memory browser injection, which allows it to bypass security defenses. The stolen data is compressed and sent to a command-and-control server. Users are advised to avoid downloading unofficial game mods and enable multi-factor authentication to reduce the risk of credential theft. Security teams should monitor for specific behavioral indicators related to the malware's operations.

Tech Optimizer

April 23, 2026

Everywhen issues six checks to spot unsafe websites

Everywhen has released guidelines to help organizations identify unsafe websites and combat online fraud. The guidance includes six checks users can perform before visiting unfamiliar sites: 1. Utilize website safety checker tools like Google Safe Browsing and Norton Safe Web. 2. Verify the site contains standard business information, such as contact details and social media links. 3. Conduct reputation checks by reviewing public feedback for complaints related to fraud or poor service. 4. Evaluate visual and editorial standards for indicators of illegitimacy, such as poor grammar or outdated branding. 5. Maintain updated antivirus software to block malicious downloads and phishing attempts. 6. Adjust browser settings to receive alerts about suspicious websites. The guidance highlights the importance of scrutinizing URLs for unusual spellings or characters and distinguishes between HTTP and HTTPS, noting that the padlock symbol does not guarantee trustworthiness. The initiative aims to protect both consumers and organizations from cyber threats, particularly as fake websites increasingly target personal information and financial transactions.

Tech Optimizer

April 21, 2026

Even trusted apps can infect your PC with malware now

Recent supply-chain attacks are increasingly targeting well-known software such as CCleaner, Steam games, and Notepad++, allowing hackers to distribute malware through legitimate updates. The introduction of artificial intelligence has accelerated the frequency and sophistication of these attacks, with hackers compromising developers or exploiting third-party tools to inject malicious code. Notepad++ was specifically affected by a supply-chain attack where a compromised third-party tool led to the distribution of tainted software. Attackers use various strategies, including hacking developers' credentials, purchasing access, or compromising tools relied upon by developers. Antivirus software is crucial for protecting users from malware, even from trusted sources, as modern solutions have minimal impact on system performance.

Tech Optimizer

April 17, 2026

Millions of people use this American-made antivirus and you can get $30 off right now

PC Matic is an American cybersecurity company established in 1999, focused on preventing infections before they occur. It aims to disrupt cybercrime by enhancing the protection of everyday devices, thereby reducing the profitability of large-scale attacks. The company has protected over 100 million applications and devices, with more than 3 million customers. PC Matic offers user-friendly and affordable tools for individuals and families. Currently, they have a promotional discount of 30% off the first purchase with the code GOLOOT30, applicable to orders over .99, valid until January 1, 2027.

Tech Optimizer

April 15, 2026

Avast Antivirus: Free Protection Faces Rising AI Threats in Cybersecurity Market

Avast Antivirus offers a robust free version with premium features, providing high-quality protection against cyber threats, including viruses, spyware, and ransomware. Key features include Smart Scan, Password Manager, and Network Inspector, which help users identify vulnerabilities and safeguard their data. Avast has a global user base of over 435 million and is particularly relevant in the U.S., where data breaches affect millions annually. The company operates under Gen Digital, which acquired Avast in 2022, leveraging a freemium model to attract users and upsell advanced features. Avast focuses on AI-driven threat detection and maintains a strong market position against competitors like Norton and McAfee. The global cybersecurity market has surpassed 0 billion, driven by increasing threats, and Avast counters these with machine learning capabilities. Risks for Avast include zero-day exploits, privacy concerns, and competition from built-in OS protections. Avast's cloud-based updates and multilingual support enhance its appeal, while its integration with smart home devices is planned for the future.

AppWizard

April 14, 2026

Mirax RAT Targets Android Devices Through Meta Apps

Mirax is a remote access Trojan (RAT) targeting Android devices in Spanish-speaking countries, identified by Outpost24's KrakenLabs in early March. It propagates fraudulent advertisements on Meta-owned applications, allowing cybercriminals to gain initial access. Mirax can interact with compromised devices in real time, converting them into residential proxy nodes through ads on platforms like Facebook and Instagram. It uses SOCKS5 protocol and Yamux multiplexing to establish proxy channels and uncover victims' IP addresses. The malware captures keystrokes, steals sensitive data, executes commands, and monitors user activity. It employs overlay pages to steal credentials and orchestrates distribution through Meta ads and GitHub for malicious APK files. Users are tricked into enabling installations from "unknown sources," and the malware disguises itself behind video playback features. Additionally, a threat actor has been offering Mirax as a malware-as-a-service (MaaS) on illicit forums, with subscription prices starting at ,500 for three months. This service is described as highly controlled and exclusive, primarily targeting Russian-speaking actors in underground communities.