Cyble researchers reported that the source code for the new Rust-based Luca Stealer info-stealer has been leaked on hacking forums and has already been leveraged in attacks, according to BleepingComputer.
Aside from being able to exfiltrate login credentials, stored credit cards, and cookies from 30 Chromium-based browsers, Luca Stealer could also compromise cryptocurrency and hot wallet browser plugins, Discord tokens, Steam accounts, and Ubisoft Play, the report showed.
Seventeen different password manager browser addons could also be targeted by Luca Stealer, which leverages Telegram bots or Discord webhooks to facilitate data exfiltration depending on file size. Operators could also easily examine the extent of exfiltrated data that are packed within a ZIP archive that includes a summary of contents.
The report noted that there have been at least 25 Luca Stealer instances in the wild and while massive development of the malware is yet to be seen, its use of the Rust programming language indicates easy porting to macOS or Linux.
Organizations using Progress Software's enterprise-grade WS_FTP Server secure file transfer software have been urged to immediately remediate a maximum severity vulnerability, which has been fixed along with other bugs as part of a security update, reports BleepingComputer.
SiliconAngle reports that more companies have been conducting purple team cybersecurity threat evaluations, with security penetration testing firm SpecterOps being the latest to create a collaboration between its offensive and defensive cybersecurity teams in testing and defending corporate systems.