Luca Stealer malware spreads rapidly after code shared on forum

A Rust-based malware named Luca Stealer spread rapidly after its source code was published on a cybercrime forum.

The data-stealing malware is programmed in Rust. Dubbed ‘Luca Stealer’, the malware was first shared at the beginning of July. The developer posted the code on a cybercrime forum and provided instructions for modifying and compiling it. Since then, the malware has been upgraded 3 times. The developer appears to be continually adding functionality.

Luca Stealer

The malware is designed solely to target crypto wallets, chat applications, gaming applications and Chromium-based browsers. It can steal browser cookies, login credentials, saved credit cards, information stored on crypto wallets and details from game apps.

According to BleepingComputer, the malware is mainly interested in password manager add-ons that carry information from various applications. Researchers from Cyble witnessed over 20 samples connected to the Luca Stealer code. They warn that the malware will add more capabilities over time and could be used by several threat actors across the world.

Why Rust?

Various cybersecurity researchers are interested to know why the developer wrote Luca Stealer in Rust. “As a development language, Rust has been gaining in popularity”, Mike Parkin, senior technical engineer at Vulcan Cyber, told SiliconANGLE. “Threat actors will see the same technical advantages that other developers have in their shift to Rust from other languages, such as C++.”

Brendan Hohenadel, engineer at Lares, noted that “threat actors have begun using Rust recently thanks to its relative ease of use compared with other programming languages and its ability to interact with application programming interfaces of the Microsoft Windows operating system, granting low-level access, while simplifying historically complex aspects of programming like memory management.”
