"Source Code for Rust-Based 'Luca Stealer' Info-Stealer Released on Hacker Forums"
The source code for an information-stealing malware written in Rust has been made available for free on hacking forums, and security analysts report that the malware is already being used in the wild. The malware, which the author claims was created in just six hours, is stealthy, with VirusTotal reporting a detection rate of around 22 percent. Since the info-stealer is written in Rust, a cross-platform language, threat actors can target various operating systems. However, the new info-stealer currently only targets Windows operating systems.

Analysts at cybersecurity firm Cyble, who sampled and named the new info-stealer "Luca Stealer," report that it has the standard capabilities for this type of malware. When run, the malware attempts to steal data from thirty Chromium-based web browsers, taking stored credit cards, login credentials, and cookies. The malware also targets "cold" and "hot" cryptocurrency wallet browser addons, along with Steam accounts, Discord tokens, Ubisoft Play, and other services. Luca Stealer differs from other info-stealers in that it focuses on password manager browser addons, stealing the locally stored data for 17 of these applications.

Luca not only targets applications, but also takes screenshots and saves them as .png files, and runs a "whoami" command to profile the host system and send the results to its operators. Luca does not include a clipper, a component typically found in other info-stealers that modifies clipboard contents in order to hijack cryptocurrency transactions.

The stolen data is exfiltrated using Discord webhooks or Telegram bots, depending on whether the exfiltrated file is larger than 50MB. For larger logs of stolen data, the malware will use a Discord webhook to send the data back to the attackers. The stolen data is packed inside a ZIP archive with a summary of what is included, allowing the operator to assess the scope of the loot at a glance.
This article continues to discuss the capabilities and potential severity of the Luca Stealer malware.
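The two exfiltration channels described above can be hunted for in egress logs. The following Python detection logic is an added example, not code from the article or from Cyble's report; the log format, host names, process names and the process allowlist are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# URL shapes for the two exfiltration channels the article names.
DISCORD_HOSTS = {"discord.com", "discordapp.com"}
DISCORD_WEBHOOK = re.compile(r"^/api/(v\d+/)?webhooks/\d+/[\w-]+")
TELEGRAM_BOT = re.compile(r"^/bot\d+:[\w-]+/send(Document|Message|Photo)$")

# Assumption: processes expected to reach these services on this estate.
# Process names can be spoofed, so treat this as noise reduction only.
ALLOWED_PROCESSES = {"discord.exe", "telegram.exe"}
SIZE_THRESHOLD = 50 * 1024 * 1024  # the 50MB split the article describes

# Constructed sample proxy log (hypothetical format):
# time host process method url bytes_sent
SAMPLE_LOG = """\
2024-01-01T10:01:02Z ws-014 chrome.exe GET https://discord.com/channels/@me 512
2024-01-01T10:03:40Z ws-014 invoice_viewer.exe POST https://api.telegram.org/bot123456:EXAMPLE-TOKEN/sendDocument 4812033
2024-01-01T10:05:11Z ws-022 Discord.exe POST https://discord.com/api/v9/webhooks/111/EXAMPLE 900
2024-01-01T10:07:59Z ws-031 updater.exe POST https://discord.com/api/webhooks/222222/EXAMPLE_TOKEN 73400320
"""

def classify(url):
    """Return the exfiltration channel a URL matches, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in DISCORD_HOSTS and DISCORD_WEBHOOK.match(parts.path):
        return "discord-webhook"
    if host == "api.telegram.org" and TELEGRAM_BOT.match(parts.path):
        return "telegram-bot"
    return None

def find_exfil_candidates(log_text):
    """Flag uploads to webhook/bot endpoints from unexpected processes."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue  # skip malformed lines rather than guessing
        ts, host, proc, method, url, sent = fields
        channel = classify(url)
        if channel is None or method != "POST":
            continue
        if proc.lower() in ALLOWED_PROCESSES:
            continue
        hits.append({"time": ts, "host": host, "process": proc,
                     "channel": channel, "bytes": int(sent),
                     "large": int(sent) > SIZE_THRESHOLD})
    return hits

if __name__ == "__main__":
    for hit in find_exfil_candidates(SAMPLE_LOG):
        print(hit)
```

Each hit is a lead for triage on the named host rather than a verdict, since legitimate automation also posts to these endpoints.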