More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Darknet Marketplace Revenue Plummets After Hydra Raid
February 9, 2023
Revenue at dark web illicit marketplaces plunged in 2022 following seizure by U.S. and German police last spring of what was then the world’s largest online bazaar for illegal goods and services. The April shutdown of the Russian-speaking Hydra Market sent the illicit world of Russian-language darknet markets into a tailspin that cut overall revenue for ...
- New ESXiArgs ransomware version prevents VMware ESXi recovery
February 8, 2023
New ESXiArgs ransomware attacks are now encrypting more extensive amounts of data, making it much harder, if not impossible, to recover encrypted VMware ESXi virtual machines. Last Friday, a massive and widespread automated ransomware attack encrypted over 3,000 Internet-exposed VMware ESXi servers using a new ESXiArgs ransomware. Read more… Source: Bleeping Computer
- CISA and FBI Release ESXiArgs Ransomware Recovery Guidance
February 8, 2023
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access to ESXi servers ...
- Blow to Morgan Advanced Materials as cyber-attack to cost millions to deal with
February 7, 2023
Shares in Morgan Advanced Materials tanked 7.5% to 292p this morning after the industrial manufacturer became the latest listed firm to fall victim to a cyber attack which it said would cost millions of pounds to tackle. The 166-year-old firm warned the attack meant some of its IT systems were irrecoverable, and it had been forced ...
- Medusa botnet returns as a Mirai-based variant with ransomware sting
February 7, 2023
A new version of the Medusa DDoS (distributed denial of service) botnet, based on Mirai code, has appeared in the wild, featuring a ransomware module and a Telnet brute-forcer. Medusa is an old malware strain (not to be confused with the same-name Android trojan) being advertised in darknet markets since 2015, which later added HTTP-based DDoS ...
- Clop ransomware flaw allowed Linux victims to recover files for months
February 7, 2023
The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in the encryption scheme has allowed victims to quietly recover their files for free for months. This new Linux version of Clop was spotted in December 2022 by Antonis Terefos, a researcher at SentinelLabs, after the threat ...