UPDATED 20:55 EDT / JULY 26 2022

SECURITY

New Rust-based malware spreads after code shared on cybercrime forum

A new form of information-stealing malware based on the Rust programming language is rapidly spreading after the source code was recently shared on a popular cybercrime forum.

Detailed Monday by researchers at Cyble Inc., the malware, dubbed “Luca Stealer,” was first shared on July 3. The malware developer is believed to have shared the source code to build a reputation for itself.

The developer also provided steps to modify the malware and compile source code for ease of use. Since first being shared, Luca Stealer has been updated three times and the malware developer is said to be continuously adding multiple functions.

Luca Stealer is designed to target Chromium-based browsers, chat applications, crypto wallets and gaming applications. The malware can steal stored credit cards, login credentials and browser cookies, access cryptocurrency wallet browser add-ons, and steal details from gaming applications.

Bleeping Computer reports that Luca Stealer is particularly interesting in that it focuses on password manager browser add-ons, stealing locally stored data for 17 applications of that kind.

The Cyble researchers have so far witnessed 25 samples based on the Luca Stealer source code in the wild. They warn that more capabilities could be added to the malware in the future and that it can be expected to be adopted by multiple threat actors worldwide.

The choice of the Rust programming language to create Luca Stealer was of particular interest to cybersecurity researchers.

“As a development language, Rust has been gaining in popularity with many developers embracing it,” Mike Parkin, senior technical engineer at cyber risk remediation company Vulcan Cyber Ltd., told SiliconANGLE. “Threat actors will see the same technical advantages that other developers have in their shift to Rust from other languages, such as C++.”

Brendan Hohenadel, adversarial engineer at information security firm Lares LLC, noted that “threat actors have begun using Rust recently thanks to its relative ease of use compared with other programming languages and its ability to interact with application programming interfaces of the Microsoft Windows operating system, granting low-level access, while simplifying historically complex aspects of programming like memory management.”

Image: Cyble
