Uptime Hamster: 3d 7h 57mDeploy: 14 Jul 2026 21:26Updated: 2026-07-16
Logo del actor de amenaza LofyGang

LofyGang

0 incidentes 0 paises 0 sectores apt BR Ultimo: -
Ver en IntelTracker → APTTrail →
LofyGang is a Brazilian-origin cybercriminal group that emerged in 2020, primarily focused on financially motivated cybercrime through software supply chain attacks and credential theft. The group is distinguished by its extensive abuse of open-source package managers, particularly NPM, to distribute malicious packages. Initially known for JavaScript-based payloads targeting Discord tokens and credit card information, LofyGang has evolved to deploy more capable native Windows binaries incorporating direct syscall-level process injection and full-featured Remote Access Trojans. They are assessed with high confidence to be of Brazilian origin due to the prevalent use of Brazilian Portuguese in their malware and communications. LofyGang operates under various aliases, including DyPolarLofy and PolarLofy, and was also referred to as LofyLife by Kaspersky. Their primary motivation is financial gain through the theft and monetization of sensitive data, including credit card details, gaming a
Tecnicas MITRE
T1059, T1078, T1105, T1210, T1566.001
Tipo
apt
Pais origen
BR
Motivacion
-
Impacto
14
Actualizado
Wed, 08 No

Sectores objetivo (SOCRadar)

Arts & EntertainmentSoftware Publishers