Dozens of ‘Luca Stealer’ Malware Samples Emerge After Source Code Made Public – SecurityWeek

Security researchers have observed an uptick in new Luca Stealer samples after the malware’s source code was made public.
Coded in Rust, the malware was initially observed in early July 2022, when its developer posted the source code on cybercrime forums, likely in an effort to boost their reputation.
The developer has since expanded the information stealer’s capabilities and also published the source code on GitHub. More than 25 Luca Stealer samples have been observed in the wild since the code was made public, security researchers at Cyble say.
Luca Stealer can extract information from numerous Chromium-based browsers, but also targets messaging applications, crypto wallets, and other applications. Furthermore, it has been updated with file-stealing capabilities.
According to Cyble, the stealer has been updated at least three times since the beginning of July, and its developer has shared information on how others can modify the malware and compile the source code.
The researchers also note that multiple threat actors might have already engaged in the development of the stealer.
The threat is designed to collect system information – such as desktop environment, device name, operating system distribution, hostname, username, language, network interface name, number of CPUs, memory details, and running processes – and store it in a text file.
It can also steal login credentials, credit card data, and cookies from over 30 Chromium-based browsers; data from 10 cold cryptocurrency wallets; data from the browser extensions of password managers and crypto wallets; and information from Steam, Telegram, and Uplay applications. Targeted messaging applications include Discord, ICQ, Element, and Skype.
Initially, Luca Stealer exfiltrated data using a Telegram bot, but the developer has since added support for Discord webhooks.
At the moment, Luca Stealer only targets Windows systems, but Cyble’s researchers believe that the malware developer may soon leverage Rust’s cross-platform capabilities to release variants targeting other platforms as well.
“As the stealer is written in Rust and is released for free, we can expect it to be adopted by multiple threat actors across the world,” Cyble concludes.
Related: Ukrainian Security Researcher Leaks Newer Conti Ransomware Source Code
Related: Leaked Carbanak Source Code Reveals No New Exploits
Related: Source Code of New Iran-Linked Hacking Tool Posted Online

Ionut Arghire is an international correspondent for SecurityWeek.
Copyright © 2023 Wired Business Media. All Rights Reserved.