Luca Stealer malware spreads- As its creator continues to add features and just made the source code available on GitHub, a new info-stealer virus is fast spreading in the public.
Additionally, the latest malware for Windows to be created with the Rust programming language is called Luca Stealer by the Cyble team that discovered it.
In a study, the researchers noted that since Luca Stealer’s source code was made public through GitHub on July 3, it has already undergone three updates, during which the creator included a number of new functionalities. This may mean that the cybercriminal community will use Luca Stealer more frequently.
The researchers stated that the stealer’s creator, who is apparently new to the cybercrime forum, “likely disclosed the stealer’s source code to create a name for themselves.” For simplicity of usage, the developer has also supplied instructions on how to edit the stealer and build the source code.
Because of its adaptability and cross-platform nature, as well as the fact that the produced code might be foreign to certain reverse researchers and their tools, Rust is fast becoming the programming language of choice for malware creators, according to their investigation.
The popular Hive ransomware group switched its source code this year from Go to Rust, according to experts from Microsoft’s Threat Intelligence Center earlier this month. This move made the extortionware more reliable and challenging to reverse engineer.
Rust is being used by other threat actors, such as the BlackCat ransomware-as-a-service gang. In addition, Luna, a new ransomware family built in Rust, was described in this month’s article by Kaspersky security experts. This is nothing new to us; Rust is regarded as a promising general-purpose language that programmers use for both good and bad projects.
According to Casey Bisson, head of product as well as developer enablement at code security company BluBracket, “Rust is to C as Go is to Java.” “It is quick, little, and contemporary. The Go and Node.js-like developer ease offered by the Cargo package management is more comparable to C’s performance. Attackers can benefit greatly from Rust’s native capability for linking against C libraries, such as those used to offer code functions in many os’s.”
Bisson continued, “The “It will become a more often used development platform for emerging threats due to a mix of developer comfort, capabilities, and performance. Due to the platform’s novelty, several software scanners may not be able to detect threat signatures in binaries created with Rust.”
According to Brendan Hohenadel, an adversarial engineer at LARES Consulting, Rust is a desirable language because of, among other things, its simplicity of use, support for Windows APIs, as well as memory management strategy that attempts to increase program stability.
Threat actors may more quickly and effectively create malware in Rust that is functionally equivalent to malware created in more sophisticated languages, according to Hohenadel. “Along with other more recent programming languages like Golang and Nim, Rust also produces executable binaries for manual as well as static analysis.
Other widely used languages, like C++, C#, and.Net, are simple to reverse engineer as well as decompile, making it simpler for defenders to carry out investigations and link malicious behavior to criminal organizations.”
With code produced by the Rust toolchain, the reverse engineering process may take longer, based on the tools employed and the analyst’s level of expertise. The executable has been created so that “is, in fact, a black hole. It is far more difficult to obtain details from the program for attribution without executing it in a sandbox or a setting with monitoring tools “explained he.
Despite Rust being a cross-platform language, Luca Stealer presently solely targets Windows OSes, claim Cyble researchers. The virus will be used by several attackers worldwide because it was created in Rust and is available for free, they stated.
Once installed on a computer, Luca Stealer targets over 30 Chromium-based browsers, as well as chat programmes, cryptocurrency wallets, and gaming programmes, taking login information, credit card information, and cookies and storing it to a text file for exfiltration. The files of victims may also be stolen.
Originally intended to exfiltrate stolen information using a Telegram bot, it could only upload files up to 50MB in size before the developer added support for Discord web hooks.
With a hardcoded file-system location to the wallets in the source code, the virus targets 10 cold cryptocurrency wallets for exfiltration. Password manager browser extensions and cryptocurrency wallets for further than 20 browsers are also targets, according to their report. Attackers can use the unique IDs assigned to each browser to find extensions in the AppData directory.
Additionally, Luca Stealer searches infected systems for the Telegram, Uplay, and Steam programs before grabbing data from various directories. Additionally, it searches for Skype, Discord, ICQ, Element, as well as four other messaging programs.
Users can safeguard themselves against malware such as Luca Stealer in a number of ways, according to the Cyble researchers. These include avoiding downloading files from dubious sources, routinely clearing their browsing histories as well as passwords, automatically upgrading software on connected devices, as well as operating antivirus as well as online security apps on computers.
- What is Cybersecurity Threats?
- What is Cybersecurity? Everything You Need to Know
- New Cyberpunk 2077 Technical Update Fixes Disc Issue on PS4
Businesses also have to keep educating staff members about dangers such as phishing and dubious URLs.