If you ever wanted your very own infostealer, you can now compile one in just a few minutes, for free, courtesy of unknown threat actors.
Researchers from Cyble found an anonymous poster has shared the source code for a new strain of malware on a hacking forum. Even though it’s still fresh, the source code has already been used in the wild, the researchers further claim, adding that the infostealer has a relatively low detection rate on VirusTotal (22%).
The malware, dubbed Luca Stealer, is written in Rust, a popular programming language that allows for the creation of cross-platform apps (although it only appears to target Windows users for now).
Profiling the targets
Luca Stealer comes with a standard arsenal - stealing passwords and other data stored in Chromium-powered browsers (Chrome, Edge, Brave, etc.), which includes payment data, login credentials, and cookies.
It also steals information regarding cold and hot cryptocurrency wallets, Steam accounts, and Discord tokens, as well as data found in password management browser add-ons. Furthermore, it grabs screenshots in .png format, and runs a “whoami” command to learn more about the compromised endpoint. Perhaps surprisingly, it doesn’t hijack the clipboard, which means it doesn’t monitor cryptocurrency transactions.
Whatever data it manages to acquire, it sends to its operators in a .ZIP archive, either via Discord, or Telegram, depending on the size of the bounty.
So far, at least 25 different versions of Luca Stealer were found operational in the wild, meaning some hackers took the offer. Whether or not it grows into a massive issue, remains to be seen.
Rust is growing more popular among cybercriminals, Recently, Hive, one of the most destructive ransomware-as-a-service tools, fully migrated from GoLang, to the new programming language. Among other things, Rust offers deep control over low-level resources, has a user-friendly syntax, has several mechanisms for concurrency and parallelism, good variety of cryptographic libraries, and is relatively more difficult to reverse-engineer.
- These are the best firewalls right now