Cyble researchers reported that the source code for the new Rust-based Luca Stealer info-stealer has been leaked on hacking forums and has already been leveraged in attacks, according to BleepingComputer.
Aside from being able to exfiltrate login credentials, stored credit cards, and cookies from 30 Chromium-based browsers, Luca Stealer could also compromise cryptocurrency and hot wallet browser plugins, Discord tokens, Steam accounts, and Ubisoft Play, the report showed.
Seventeen different password manager browser addons could also be targeted by Luca Stealer, which leverages Telegram bots or Discord webhooks to facilitate data exfiltration depending on file size. Operators could also easily examine the extent of exfiltrated data that are packed within a ZIP archive that includes a summary of contents.
The report noted that there have been at least 25 Luca Stealer instances in the wild and while massive development of the malware is yet to be seen, its use of the Rust programming language indicates easy porting to macOS or Linux.
Cyberattack disclosed by HTC Global Services following ALPHV/BlackCat leak After having its data exposed by the ALPHV/BlackCat ransomware attack, IT and business process services provider HTC Global Services has disclosed being impacted by a cyberattack, reports BleepingComputer.
Numerous Web3 smart contracts, including DropERC20, AirDrop20, ERC721, and ERC1155, were discovered by Thirdweb to be exposed to a vulnerability in a widely used open-source nonfungible token library, reports SiliconAngle.
Vulnerability management: Finding and fixing fatal flaws
Reducing silos between Developers and AppSec in your Software Supply Chain with Snyk and ServiceNow
Vulnerability management: Finding and fixing your fatal flaws
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news