Categories: InfoSec News

Source code for Rust-based info-stealer released on hacker forums

Published by
RiSec.n0tst3

The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks.

The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%.

Malware author posting his creation on a darknet forum

As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems. However, in its current form, the new info-stealer only targets Windows operating systems.

Malware capabilities

Analysts at cybersecurity firm Cyble, who sampled the new info-stealer and named it “Luca Stealer,” report that the malware comes with standard capabilities for this type of malware.

When executed, the malware attempts to steal data from thirty Chromium-based web browsers, where it will steal stored credit cards, login credentials, and cookies.

The stealer also targets a range of “cold” cryptocurrency and “hot” wallet browser addons, Steam accounts, Discord tokens, Ubisoft Play, and more.

Where Luca Stealer stands out against other info-stealers is the focus on password manager browser addons, stealing the locally stored data for 17 applications of this kind.

Targeted browser extensions (Cyble)

In addition to targeting applications, Luca also captures screenshots and saves them as a .png file, and performs a “whoami” to profile the host system and send the details to its operators.

Collecting host system information (Cyble)

One notable capability typically found in other info-stealers but is not available in Luca is a clipper used to modify clipboard contents to hijack cryptocurrency transactions.

The exfiltration of the stolen data is done via Discord webhooks or Telegram bots, depending on whether the exfiltrated file is above 50MB or not. The malware will use a Discord webhook to send the data back to the attackers for larger logs of stolen data.

The stolen data is packed inside a ZIP archive accompanied by a summary of what’s included, so the operator can evaluate the extent of the loot at a single glance.

Summary of stolen files sent along the ZIP file (Cyble)

Should we be concerned?

Cyble reports that it has seen at least 25 instances of Luca Stealer used in the wild, so while some cybercriminals took up the free offer, it’s unknown if this new malware will see massive deployment.

However, The fact that it’s offered for free with source code, whereas most info-stealers are sold at a monthly subscription cost, could be a driver, but Luca isn’t the only one to be given away at no charge.

Finally, Luca is written in Rust, which means that porting it to Linux or macOS isn’t complicated, so the original author or someone else might perform that conversion in the future.

source

Suggest an edit to this article

Go to Cybersecurity Knowledge Base

Got to the Latest Cybersecurity News

Go to Cybersecurity Academy

Go to Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmark Close
Social Comments Box
Connect
Share the word, let's increase Cybersecurity Awareness as we know it

This post was last modified on 25 July 2022 9:10 PM

RiSec.n0tst3

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

Leave a Comment
Published by
RiSec.n0tst3
Tags: Info stealer Rust Source Code Stealer

Recent Posts

  • Data Breach News
  • InfoSec News

WH Smith Announces Cyber-Attack: Employee Data Stolen

British high street chain WH Smith has recently revealed that it was hit by a…

2 years ago
  • InfoSec News
  • World Affairs

Voice ID: How Secure is it Really?

As banks worldwide roll out Voice ID as a means of user authentication over the…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

What distinguishes Application Security from API Security?

In the era of digital transformation, cybersecurity has become a major concern for businesses. When…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

The Top 5 Cybersecurity threats facing Businesses Today

In today's digital age, cybersecurity threats have become a significant concern for businesses of all…

2 years ago
  • InfoSec News
  • World Affairs

Enterprise users infected by RIG Exploit Kit thanks to Internet Explorer

The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…

2 years ago
  • Cybersecurity Academy

The Rise and Rise of AI

One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…

2 years ago