Vulnerability Management

Luca Stealer source code leaked

Cyble researchers reported that the source code for the new Rust-based Luca Stealer info-stealer has been leaked on hacking forums and has already been leveraged in attacks, according to BleepingComputer. Aside from being able to exfiltrate login credentials, stored credit cards, and cookies from 30 Chromium-based browsers, Luca Stealer could also compromise cryptocurrency and hot wallet browser plugins, Discord tokens, Steam accounts, and Ubisoft Play, the report showed. Seventeen different password manager browser addons could also be targeted by Luca Stealer, which leverages Telegram bots or Discord webhooks to facilitate data exfiltration depending on file size. Operators could also easily examine the extent of exfiltrated data that are packed within a ZIP archive that includes a summary of contents. The report noted that there have been at least 25 Luca Stealer instances in the wild and while massive development of the malware is yet to be seen, its use of the Rust programming language indicates easy porting to macOS or Linux.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.