Threats Tagged 'grabbot'
View all threats tagged with 'grabbot'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'grabbot'
Click on any threat for detailed analysis and mitigation recommendations
LofyStealer: Malware targeting Minecraft players. 0 A sophisticated two-stage infostealer named LofyStealer, also known as GrabBot/Slinky, targets Minecraft players through social engineering. The malware comprises a 53.5MB Node.js-based loader disguised within legitimate libraries and a 1.4MB native C++ payload that executes directly in memory. It extracts cookies, passwords, tokens, credit cards, and IBANs from eight different browsers including Chrome, Edge, Brave, Opera GX, and Firefox. The loader uses GitHub Actions for automated compilation while the payload employs direct syscalls to bypass EDR detection. Data is compressed via PowerShell, Base64-encoded, and exfiltrated to a Brazilian-hosted C2 server at 24.152.36.241. The operation is attributed with high confidence to the Brazilian cybercrime group LofyGang, operating a Malware-as-a-Service platform with Free and Premium tiers through a web panel branded as LofyStealer Advanced C2 Platform V2.0. Join the discussion | AlienVault OTX General | 04/29/2026, 12:09:47 UTC Added: 04/30/2026, 08:06:23 UTC |
Showing 1 to 1 of 1 result