More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian Hackers Target U.S. HIMARS Maker in ‘New Type of Attack’
August 1, 2022
ussian hackers have launched “a new type of attack” on American military company Lockheed Martin, the maker of the M142 High Mobility Artillery Rocket System (HIMARS), the weapon the hackers believe is responsible for thousands of deaths in Ukraine, according to a pro-Moscow news website. The Kremlin-supporting Life website reported that the cyberattack by the Killnet ...
- Huge network of 11,000 fake investment sites targets Europe
July 31, 2022
Researchers have uncovered a gigantic network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe. The platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure in a larger number of victims. The goal of the operation is to trick users into ...
- LofyLife: malicious npm packages steal Discord tokens and bank card data
July 28, 2022
On July 26, using the internal automated system for monitoring open-source repositories, Kaspersky researchers identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”. The Python malware is a modified version of an open-source token logger called Volt ...
- U.S. doubles reward for tips on North Korean-backed hackers
July 26, 2022
The U.S. State Department has increased rewards paid to anyone providing information on any North Korean-sponsored threat groups’ members to $10 million. “If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Lazarus Group) and who are involved in targeting ...
- Attackers Move Quickly to Exploit High-Profile Zero Days: Insights From the 2022 Unit 42 Incident Response Report
July 26, 2022
Software vulnerabilities remain a key avenue of initial access for attackers according to the 2022 Unit 42 Incident Response Report. While this underscores the need for organizations to operate with a well-defined patch management strategy, we’ve observed that attackers are increasingly quick to exploit high-profile zero-day vulnerabilities, further increasing the time pressure on organizations when ...
- LockBit ransomware gang claims it ransacked Italy’s tax agency
July 26, 2022
The LockBit ransomware crew is claiming to have stolen 78GB of data from Italy’s tax agency and is threatening to leak it if a ransom isn’t paid by July 31. The notorious gang put a notice on its dark-web site adding the agency – the Agenzia delle Entrate – to its growing list of victims. According ...