July 26, 2022

The source code of an information-stealing malware written in Rust was published free of charge on hacking forums. Rust, a cross-platform language, enables threat actors to target multiple operating systems.

Although security analysts have reported that the malware is actively used in attacks, it has been made clear that the malware in its current form only targets Windows operating systems.

According to Cyble researchers, the new info-stealer called “Luca Stealer” comes with standard capabilities. When executed, the malware attempts to steal data from thirty Chrome-based web browsers where it will steal stored credit cards, login credentials, and cookies.

The stealer also targets a number of “cold” cryptocurrencies and “hot” wallet browser add-ons, Steam accounts, Discord tokens, Ubisoft Play and others. While targeting applications, the malicious software also captures screenshots and stores them as a .png file, and performs a “whoami” to profile the host system and send the details to its operators.

The exfiltration of the stolen data takes place via Discord webhooks or Telegram bots depending on the size of the stolen file. Once it exceeds 50 MB, the malware uses a Discord webhook to send the data back to the attackers.

Unlike other info-stealers, Luca does not have a clipper, which is used to modify the contents of the clipboard to hijack cryptocurrency transactions.

The sources for this piece include an article in BleepingComputer.