Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security

Source Code For Rust-Based Info-Stealer Released On Hacker Forums (bleepingcomputer.com) 22

The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks. BleepingComputer reports: The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%. As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems. However, in its current form, the new info-stealer only targets Windows operating systems.

Analysts at cybersecurity firm Cyble, who sampled the new info-stealer and named it "Luca Stealer," report that the malware comes with standard capabilities for this type of malware. When executed, the malware attempts to steal data from thirty Chromium-based web browsers, where it will steal stored credit cards, login credentials, and cookies. The stealer also targets a range of "cold" cryptocurrency and "hot" wallet browser addons, Steam accounts, Discord tokens, Ubisoft Play, and more. Where Luca Stealer stands out against other info-stealers is the focus on password manager browser addons, stealing the locally stored data for 17 applications of this kind. In addition to targeting applications, Luca also captures screenshots and saves them as a .png file, and performs a "whoami" to profile the host system and send the details to its operators.

This discussion has been archived. No new comments can be posted.

Source Code For Rust-Based Info-Stealer Released On Hacker Forums

Comments Filter:
  • by SysDaemon ( 301739 ) on Monday July 25, 2022 @07:56PM (#62733464) Homepage
    Darn info-sealer. I'll get you.
  • I was all excited for a new automotive undercoating. Living in the rust belt takes a toll on vehicles.

  • by test321 ( 8891681 ) on Monday July 25, 2022 @08:08PM (#62733484)

    This kind of attack can be mitigated by running the browser in a sandbox (e.g. firejail/bubblewrap). However it becomes annoying to the user because legitimately downloaded files can only be saved into particular folders.

    • This kind of attack can be mitigated by running the browser in a sandbox...

      It seems that this specific attack can also be mitigated by not using a Chromium-based browser and/or not using certain add-ons and browser-based password managers. I'm good on both counts - my browser is pretty much just that, and is not Chromium based.

      Because of the hubris I just displayed I'm half-expecting to have my data compromised in some other manner. Superstition is a bitch.

      • Oh. Well, I could add support for those other add-ons if you want. The source is actually pretty well written and easily maintainable.

  • by slack_justyb ( 862874 ) on Monday July 25, 2022 @08:49PM (#62733568)

    When executed, the malware attempts to steal data from thirty Chromium-based web browsers

    You know Firefox has hit a new low when things like this don't even bother checking if that's where you're data is stored.

    The stealer also targets a range of "cold" cryptocurrency and "hot" wallet browser addons, Steam accounts, Discord tokens, Ubisoft Play, and more

    I guess I've also hit an age where I don't do stupid shit like NFTs and fucking tokens. So clearly this thing would find my system a desert of information to harvest.

    Where Luca Stealer stands out against other info-stealers is the focus on password manager browser addons, stealing the locally stored data for 17 applications of this kind

    Don't have one of those either. Clearly the old method of keeping all my passwords in my head is for old people.

    In addition to targeting applications, Luca also captures screenshots and saves them as a .png file, and performs a "whoami" to profile the host system and send the details to its operators

    That's neat. I'm guessing this is why Linux isn't a target just yet. If you're doing X11, this would totally work, but under Wayland you'd get a popup indicating someone was trying to take a screenshot without proper permissions to the portal. Also, I'm disappointed that the code doesn't do some rad neofetch Unix kids these days seem to love. (/sarcasm)

    The malware will use a Discord webhook to send the data back to the attackers for larger logs of stolen data

    Okay if that doesn't convince everyone that Discord is just glorified IRC then I don't know what else I need to say.

    Finally, Luca is written in Rust, which means that porting it to Linux or macOS isn't complicated, so the original author or someone else might perform that conversion in the future

    That's mostly because Windows has ReadFileEx call for C and everyone else has the sane fopen call. However, in Rust we all get std::fs::File for the basic stuff that this thing would need. I mean obviously the absolute path things are stored change per OS so that'll need to be in the binary, but the file opening can just be a few lines of Rust.

    • > Don't have one of those either. Clearly the old method of keeping all my passwords in my head is for old people

      Tell me you re-use passwords without telling me, etc, etc.

      • Tell me you re-use passwords without telling me, etc, etc.

        Actually I just use a mental mash up with website I using. As an example:

        1D0!Search0n!Goole

        1L1st3n!T0Music!Spotify

        Or something similar. It's mostly a verb (a char) some property of the site (a char) and the Site's proper name. Numbers replace vowel in the verb always, only the first O in the second is change, name remains unchanged in the third. The (a char) changes based on the number of times I've changed passwords. So the first password is !/!, second would be !/@, and so on.

        Additionally, "I Do" and

    • That's mostly because Windows has ReadFileEx call for C and everyone else has the sane fopen call. However, in Rust we all get std::fs::File for the basic stuff that this thing would need. I mean obviously the absolute path things are stored change per OS so that'll need to be in the binary, but the file opening can just be a few lines of Rust.

      The irony of it. And Rust was supposed to promote "safe" computing.

      • Any tool can be used for good or ill intent. I can use a hammer to build a house or I can use it to bash someone's head in.

        You can make malware in any language. That doesn't mean anything for the language chosen.

  • Maybe it was wishful thinking going on to rid the world of this malware problem

  • I would like to look at the code to understand, what he did.
    Where to get the source?
  • There's a term for that: immutable

  • It will not have any memory leakage issues, right?

"Show me a good loser, and I'll show you a loser." -- Vince Lombardi, football coach

Working...