A new form of information-stealing malware based on the Rust programming language is rapidly spreading after the source code was recently shared on a popular cybercrime forum.
Detailed Monday by researchers at Cyble Inc., the malware, dubbed “Luca Stealer,” was first shared on July 3. The malware developer is believed to have shared the source code to build a reputation for itself.
The developer also provided steps to modify the malware and compile source code for ease of use. Since first being shared, Luca Stealer has been updated three times and the malware developer is said to be continuously adding multiple functions.
Luca Stealer is designed to target Chromium-based browsers, chat applications, crypto wallets and gaming applications. The malware can steal stored credit cards, login credentials and cookies from browsers, access cryptocurrency wallet browser add-ons and steal details from gaming applications.
Bleeping Computer reports that Luca Stealer is particularly interesting in that it focuses on password manager browser add-ons, stealing locally stored data for 17 applications of this kind.
The Cyble researchers have so far witnessed 25 samples based on the Luca Stealer source code in the wild. They warn that more capabilities could be added to the malware in the future and that it can be expected to be adopted by multiple threat actors worldwide.
The choice of the Rust programming language to create Luca Stealer was of particular interest to cybersecurity researchers.
“As a development language, Rust has been gaining in popularity with many developers embracing it,” Mike Parkin, senior technical engineer at cyber risk remediation company Vulcan Cyber Ltd., told SiliconANGLE. “Threat actors will see the same technical advantages that other developers have in their shift to Rust from other languages, such as C++.”
Brendan Hohenadel, adversarial engineer at information security firm Lares LLC, noted that “threat actors have begun using Rust recently thanks to its relative ease of use compared with other programming languages and its ability to interact with application programming interfaces of the Microsoft Windows operating system, granting low-level access, while simplifying historically complex aspects of programming like memory management.”