passwords Archives

AppWizard

April 30, 2026

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercriminal group known as LofyGang has re-emerged after three years, targeting Minecraft players with malware called LofyStealer, also known as GrabBot. This malware is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to attract young users. The group has been active since late 2021 and previously leaked thousands of Minecraft accounts. The attack begins with the 'Slinky' hack, which deploys LofyStealer (identified as "chromelevator.exe") to harvest sensitive information from web browsers, including cookies, passwords, and credit card information, sending this data to a command-and-control server. ZenoX reports a shift in LofyGang's tactics from JavaScript supply chain attacks to a malware-as-a-service model, offering both free and premium tiers. Cybercriminals are increasingly exploiting trusted platforms like GitHub to distribute malware through bogus repositories and various deceptive tactics, including fake security alerts and counterfeit accounts. This trend highlights a strategy focused on volume targeting rather than precision, prompting cybersecurity experts to prioritize threats from GitHub-hosted downloads that appear legitimate.

AppWizard

April 30, 2026

LofyStealer Targets Minecraft Players via Node.js Loader and Browser Injection

Minecraft players are being targeted by a deceptive hacking tool called “Slinky,” which is actually an infostealer known as LofyStealer linked to the Brazilian cybercrime group LofyGang. The malware uses a Node.js-based loader and a C++ payload to extract sensitive browser data, disguising itself as a Minecraft hack. It primarily targets younger players who may unknowingly execute it. The malware operates through a two-stage architecture, with a 53.5 MB loader binary that injects a smaller 1.4 MB payload into browser processes, bypassing detection methods. It collects sensitive information such as cookies, passwords, and credit card details, compressing and encoding the data for exfiltration. The command-and-control (C2) infrastructure is hosted in Brazil, and the malware's design reflects advanced compilation techniques. The campaign is attributed to LofyGang, which has evolved into a more professional entity, posing severe risks to players who download cheats and cracked tools. Indicators of compromise include a specific C2 IP address and associated endpoints.

AppWizard

April 30, 2026

LofyStealer Uses Node.js Loader Against Minecraft Gamers

Cybersecurity threat hunters have discovered an active infostealer campaign targeting the gaming community, involving malware called LofyStealer (or GrabBot) that disguises itself as a Minecraft hack named “Slinky.” The attackers use the official game icon to trick young gamers into executing the malware. The Brazilian cybercrime group LofyGang has enhanced its technical capabilities, utilizing a sophisticated two-stage modular architecture. The initial stage features a 53.5 MB loader file named load.exe, which is a Node.js runtime environment that obscures malicious signatures. The loader connects to the attacker’s server and decrypts a 1.4 MB C++ payload, chromelevator.exe, which targets eight web browsers to extract sensitive information like cookies and passwords. The stolen data is compressed, encrypted, and sent to the attacker’s server. LofyGang has evolved into a Malware-as-a-Service platform, offering a web panel for operators to monitor victims and generate custom executables. The campaign highlights the increasing threats to the gaming community, with advanced evasion techniques being employed by cybercriminals. Security professionals are advised to monitor network traffic and conduct audits for suspicious activities.

Winsage

April 30, 2026

If you held off upgrading your PC because of the price, it’s now only $10 to get Windows 11 Pro

Windows 11 Pro is currently available for a promotional price of .97, a significant reduction from the standard price of 9. It includes security enhancements such as TPM 2.0, secure boot, built-in antivirus protection, Smart App Control, and Windows Hello for biometric security. BitLocker provides hard drive encryption, while Snap layouts and virtual desktops enhance multitasking. Unique features include Windows Sandbox for safely opening untrusted files, Hyper-V for managing virtual machines, and Azure AD support for workplace accounts. The integrated Copilot feature assists with various tasks. This promotional offer ends on May 3 at 11:59 p.m. PT.

Tech Optimizer

April 30, 2026

Inside the Architecture of an MCP Server for PostgreSQL

The Model Context Protocol (MCP) serves as a standard interface between large language models (LLMs) and external systems like PostgreSQL, emphasizing the importance of control over mere connectivity. An MCP server must act as a mediation and policy layer, enforcing security boundaries and ensuring that connections default to read-only. It should validate AI-generated SQL as untrusted input, encapsulate queries within transactions, and apply execution-time controls. The server must separate query generation from execution approval to manage operational costs and enforce guardrails on query types, such as limiting the number of rows returned. Token efficiency is crucial, with design considerations for compact data representation and schema introspection. In production, connection management is vital to prevent data leakage among multiple AI agents, and observability through logging executed queries and metadata is necessary for debugging and compliance. Long-running sessions require support for paginated responses to manage context effectively. Overall, the MCP server must integrate security, query safety, token efficiency, and observability into its design from the outset.

AppWizard

April 30, 2026

Minecraft Players Targeted by LofyStealer Using Node.js Loader and In-Memory Browser Injection

A new infostealer malware called LofyStealer is targeting the gaming community, particularly Minecraft players, by disguising itself as a cheat tool named “Slinky.” It employs a two-stage attack to extract sensitive information from eight major web browsers, including Chrome and Firefox, while evading detection by security software. The malware siphons off cookies, saved passwords, payment card information, and session tokens. Researchers at Zenox.ai identified LofyStealer, linking it to the Brazilian cybercrime group LofyGang, which has been active since October 2022. The malware uses social engineering tactics to appear legitimate and operates as a Malware-as-a-Service platform, offering both Free and Premium tiers to buyers. Its technical sophistication is evident in its method of in-memory browser injection, which allows it to bypass security defenses. The stolen data is compressed and sent to a command-and-control server. Users are advised to avoid downloading unofficial game mods and enable multi-factor authentication to reduce the risk of credential theft. Security teams should monitor for specific behavioral indicators related to the malware's operations.

AppWizard

April 28, 2026

10,000 Users Exposed As Fake Document Reader App Delivers Anatsa Banking Trojan

Security researchers from ThreatLabz discovered a malicious document reader app on the Google Play Store that delivered the Anatsa Android banking trojan. The app, which had over 10,000 downloads before its removal, disguised itself as a legitimate file management tool using the package name com.groundstation.informationcontrol.filestationbrowsefilesreaddocs. It employed a "dropper" technique to hide its malicious code, connecting to an external server to retrieve the malware payload after installation. Anatsa is designed to steal financial information by overlaying a fake login screen over legitimate banking apps, capturing user credentials and enabling unauthorized transactions. Users are advised to delete the app and monitor their financial accounts. Technical indicators for identifying infections include the Anatsa Installer SHA256 (5c9b09819b196970a867b1d459f9053da38a6a2721f21264324e0a8ffef01e20), Payload URL (http://23.251.108[.]10:8080/privacy.txt), Payload SHA256 Hash (88fd72ac0cdab37c74ce14901c5daf214bd54f64e0e68093526a0076df4e042f), and Command and Control servers (http://172.86.91[.]94/api/ and http://193.24.123[.]18:85/api/).

Tech Optimizer

April 27, 2026

The Best Internet Security Solutions Out There Right Now

Mysterium VPN offers a decentralized infrastructure with over 7,500 residential IPs across 100 countries, ensuring user privacy without requiring contributions of personal IPs. It features DNS and IP leak protection, a kill switch, ChaCha20 encryption, and a no-logs policy, complying with GDPR. Mysterium supports up to 15 devices simultaneously and is priced at .59 per month with a 7-day money-back guarantee. Bitdefender Total Security provides comprehensive antivirus protection, including malware detection, ransomware protection, firewall management, and device optimization tools, along with webcam protection and anti-phishing features. Kaspersky Premium delivers real-time antivirus protection, identity theft monitoring, secure payment tools, and parental controls, maintaining high threat detection capabilities. Proton VPN, based in Switzerland, emphasizes privacy and transparency, offering a solid free tier and premium features like Secure Core routing, although its speeds may vary. Malwarebytes Premium focuses on detecting newer or less common threats, evolving from a malware removal tool to a comprehensive security platform. Avast One integrates antivirus protection, VPN services, and performance optimization tools, providing identity monitoring and breach alerts, while working to enhance transparency after past scrutiny. 1Password specializes in secure password storage, generation, and autofill capabilities, along with features to alert users to compromised credentials and secure document storage.

Tech Optimizer

April 27, 2026

Bitdefender Total Security review: Tried and tested by an antivirus expert

Modern antivirus solutions have integrated various tools into a single interface, with Bitdefender exemplifying this trend. It features a dashboard for system scans, recommendations, and account management. The “Protection” section includes antivirus settings, online threat defense, and firewall options. Users can enable an anti-spam service for email applications like Outlook and Thunderbird. The privacy tab offers an anti-tracker browser plugin and a limited free VPN. Additional privacy features include video and audio protection to manage webcam and microphone access, and Safepay for secure online banking. Bitdefender also provides a desktop widget for protection status, secure file shredding, and remote device management options. In terms of performance, Bitdefender operates efficiently, using less than 100MB of RAM for its main interface, but can spike during full system scans. It successfully detected a trojan during a scan of a linked Google Drive account. Bitdefender effectively identified all test files in antivirus testing and enhances browser security by intervening when users ignore warnings. The application is easy to install, with a compact file size, and offers a Quick Scan feature that allows users to scan only applications after a thorough initial scan.

TrendTechie

April 27, 2026

Домашний Netflix за вечер: Transmission + Jellyfin + Telegram-бот на Docker с поддержкой NAS

The setup involves a Keenetic router with a 2TB USB drive, functioning as a NAS for network storage. It utilizes three Docker containers: Transmission with Flood UI for torrent management, Jellyfin as a media server, and a Telegram bot for adding torrents and receiving notifications. The process allows users to send .torrent files via Telegram, which are then downloaded and made available in Jellyfin for viewing on various devices. The configuration requires Docker, a NAS or router with SMB share, and a Telegram account. The system is designed to maintain data integrity through OS reinstalls, and it can be set up quickly using a provided repository and configuration files.