This new Rust-based malware is available for free on hacker forums


If you ever wanted to have your own information stealer, now you can build one in minutes, for free, thanks to unknown threat actors.

Cyble researchers discovered that an anonymous user shared the source code of a new strain of malware on a hacking forum. Although still fresh, the source code has already been used in the wild, the researchers say, adding that the information stealer has a relatively low detection rate on VirusTotal (22%).

The malware, dubbed Luca Stealer, is written in Rust, a popular programming language that allows for the creation of cross-platform applications (although for now it only seems to target Windows users).

Target profile

Luca Stealer comes with a standard arsenal: it steals passwords and other data stored in Chromium-based browsers (Chrome, Edge, Brave, etc.), including payment details, login credentials, and cookies.

It also steals information about hot and cold cryptocurrency wallets, Steam accounts, and Discord tokens, as well as data found in password manager browser plugins. In addition, it captures screenshots in .png format and runs a "whoami" command to gather more information about the compromised endpoint. Perhaps surprisingly, it does not hijack the clipboard, which means it does not monitor cryptocurrency transactions.

Whatever data it manages to acquire, it sends to its operators in a .ZIP file, either through Discord or Telegram, depending on the size of the haul.
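The behaviours described above (a "whoami" launched by something other than a user's shell, followed by a .ZIP upload to Discord or Telegram) are the kind of signal a defender can look for in endpoint telemetry. The following is an added example and not code from the article or from Cyble's report: a small detection pass over constructed, key/value-style process and network events. The log format, field names, host names and the list of "expected" parent processes are assumptions; the Discord and Telegram API hosts are those services' public endpoints.

```python
"""
Added example (not from the article): flag hosts that show both of the
Luca Stealer behaviours the article describes, namely a 'whoami' run from
an unexpected parent process and a ZIP upload to Discord or Telegram.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Parents from which an interactive 'whoami' is routine (assumed baseline).
EXPECTED_WHOAMI_PARENTS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "explorer.exe", "windowsterminal.exe",
}

# Public API hosts of the two services the article names as exfil channels.
EXFIL_HOSTS = {"discord.com", "discordapp.com", "api.telegram.org"}


@dataclass
class Finding:
    host: str    # endpoint the event came from
    rule: str    # which behaviour matched
    detail: str  # short human-readable context


def parse_line(line: str) -> Dict[str, str]:
    """Parse a constructed key="value" telemetry line into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('C:\\x\\y.exe' -> 'y.exe')."""
    return path.lower().rsplit("\\", 1)[-1]


def check_process(ev: Dict[str, str]) -> Optional[Finding]:
    """whoami.exe spawned by anything other than a known interactive shell."""
    image = _basename(ev.get("image", ""))
    parent = _basename(ev.get("parent", ""))
    if image == "whoami.exe" and parent not in EXPECTED_WHOAMI_PARENTS:
        return Finding(ev["host"], "whoami_from_unexpected_parent",
                       f"{parent} -> whoami.exe")
    return None


def check_network(ev: Dict[str, str]) -> Optional[Finding]:
    """HTTP POST carrying a ZIP to a Discord or Telegram API host."""
    dst = ev.get("dst_host", "").lower()
    ctype = ev.get("content_type", "").lower()
    fname = ev.get("filename", "").lower()
    is_zip = "zip" in ctype or fname.endswith(".zip")
    if dst in EXFIL_HOSTS and ev.get("method", "").upper() == "POST" and is_zip:
        return Finding(ev["host"], "zip_upload_to_chat_api",
                       f"POST {dst} {fname or '(no filename)'}")
    return None


def analyse(lines: List[str]) -> List[Finding]:
    """Run the per-event checks over raw log lines and collect findings."""
    findings: List[Finding] = []
    for line in lines:
        ev = parse_line(line)
        if ev.get("type") == "process":
            hit = check_process(ev)
        elif ev.get("type") == "network":
            hit = check_network(ev)
        else:
            hit = None
        if hit is not None:
            findings.append(hit)
    return findings


def correlate(findings: List[Finding]) -> List[str]:
    """Hosts showing BOTH behaviours; far stronger than either alone."""
    rules_by_host: Dict[str, set] = {}
    for f in findings:
        rules_by_host.setdefault(f.host, set()).add(f.rule)
    wanted = {"whoami_from_unexpected_parent", "zip_upload_to_chat_api"}
    return sorted(h for h, rules in rules_by_host.items() if wanted <= rules)


# Constructed sample telemetry: ws-01 is benign (admin at a cmd prompt),
# ws-07 shows both behaviours, ws-09 only the upload, ws-03 only a GET.
SAMPLE_LOG = [
    r'type="process" host="ws-01" image="C:\Windows\System32\cmd.exe" parent="C:\Windows\explorer.exe"',
    r'type="process" host="ws-01" image="C:\Windows\System32\whoami.exe" parent="C:\Windows\System32\cmd.exe"',
    r'type="process" host="ws-07" image="C:\Windows\System32\whoami.exe" parent="C:\Users\bob\AppData\Local\Temp\invoice.exe"',
    r'type="network" host="ws-07" method="POST" dst_host="discord.com" content_type="multipart/form-data" filename="ws-07.zip"',
    r'type="network" host="ws-03" method="GET" dst_host="discord.com" content_type="" filename=""',
    r'type="network" host="ws-09" method="POST" dst_host="api.telegram.org" content_type="application/zip" filename="out.zip"',
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.host}: {f.rule} ({f.detail})")
    print("hosts with both behaviours:", correlate(SAMPLE_LOG and analyse(SAMPLE_LOG)))
```

Either rule on its own will be noisy (plenty of legitimate tooling posts to Discord, and scripts run whoami), which is why the correlation step keys on a host showing both behaviours; in a real pipeline the same idea would be expressed over your EDR's process-creation and proxy logs rather than this constructed format.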

At least 25 different versions of Luca Stealer have been found operational so far, meaning some hackers have taken up the offer. Whether or not this becomes a massive problem remains to be seen.

Rust is becoming increasingly popular with cybercriminals. Recently, Hive, one of the most destructive ransomware-as-a-service operations, completely migrated from Go to the newer language. Among other things, Rust offers deep control over low-level resources, has an easy-to-use syntax, provides various concurrency and parallelism mechanisms and a good variety of cryptographic libraries, and produces binaries that are relatively difficult to reverse engineer.

Via: BleepingComputer