Source Code For Rust-Based Info-Stealer Released On Hacker Forums (bleepingcomputer.com)
The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks. BleepingComputer reports: The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%. As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems. However, in its current form, the new info-stealer only targets Windows operating systems.
Analysts at cybersecurity firm Cyble, who sampled the new info-stealer and named it "Luca Stealer," report that the malware comes with standard capabilities for this type of malware. When executed, the malware attempts to steal data from thirty Chromium-based web browsers, where it will steal stored credit cards, login credentials, and cookies. The stealer also targets a range of "cold" cryptocurrency and "hot" wallet browser addons, Steam accounts, Discord tokens, Ubisoft Play, and more. Where Luca Stealer stands out against other info-stealers is the focus on password manager browser addons, stealing the locally stored data for 17 applications of this kind. In addition to targeting applications, Luca also captures screenshots and saves them as a .png file, and performs a "whoami" to profile the host system and send the details to its operators.
It's made off with the 't' now (Score:5, Funny)
Re: (Score:1)
Yet another typo the slashdot "editors" will never fix. It's almost as if they aren't actually ... editors.
Re: (Score:3, Funny)
> Yet another typo the slashdot "editors" will never fix. It's almost as if they aren't actually ... editors.
hey are ediors.
Re: It's made off with the 't' now (Score:2)
Rust based sealer? (Score:2)
I was all excited for a new automotive undercoating. Living in the rust belt takes a toll on vehicles.
Re: Rust based sealer? (Score:1)
I am having trouble applying POR 15 to my keyboard
Sandboxing the browser (Score:3)
This kind of attack can be mitigated by running the browser in a sandbox (e.g. firejail/bubblewrap). However, it becomes annoying to the user because legitimately downloaded files can only be saved into particular folders.
Re: (Score:2)
> This kind of attack can be mitigated by running the browser in a sandbox...
It seems that this specific attack can also be mitigated by not using a Chromium-based browser and/or not using certain add-ons and browser-based password managers. I'm good on both counts - my browser is pretty much just that, and is not Chromium based.
Because of the hubris I just displayed I'm half-expecting to have my data compromised in some other manner. Superstition is a bitch.
Re: (Score:2)
Oh. Well, I could add support for those other add-ons if you want. The source is actually pretty well written and easily maintainable.
Sounds bad for Firefox (Score:3)
> When executed, the malware attempts to steal data from thirty Chromium-based web browsers
You know Firefox has hit a new low when things like this don't even bother checking if that's where your data is stored.
> The stealer also targets a range of "cold" cryptocurrency and "hot" wallet browser addons, Steam accounts, Discord tokens, Ubisoft Play, and more
I guess I've also hit an age where I don't do stupid shit like NFTs and fucking tokens. So clearly this thing would find my system a desert of information to harvest.
> Where Luca Stealer stands out against other info-stealers is the focus on password manager browser addons, stealing the locally stored data for 17 applications of this kind
Don't have one of those either. Clearly the old method of keeping all my passwords in my head is for old people.
> In addition to targeting applications, Luca also captures screenshots and saves them as a .png file, and performs a "whoami" to profile the host system and send the details to its operators
That's neat. I'm guessing this is why Linux isn't a target just yet. If you're doing X11, this would totally work, but under Wayland you'd get a popup indicating someone was trying to take a screenshot without proper permissions to the portal. Also, I'm disappointed that the code doesn't do some rad neofetch Unix kids these days seem to love. (/sarcasm)
> The malware will use a Discord webhook to send the data back to the attackers for larger logs of stolen data
Okay if that doesn't convince everyone that Discord is just glorified IRC then I don't know what else I need to say.
> Finally, Luca is written in Rust, which means that porting it to Linux or macOS isn't complicated, so the original author or someone else might perform that conversion in the future
That's mostly because Windows has the ReadFileEx call for C and everyone else has the sane fopen call. However, in Rust we all get std::fs::File for the basic stuff that this thing would need. I mean, obviously the absolute paths where things are stored change per OS, so that'll need to be in the binary, but the file opening can just be a few lines of Rust.
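One defender-side check the Discord-webhook detail above suggests, added here as an example and not part of the article or any comment: flag processes other than the Discord client that POST to a webhook URL. The log format, the process allowlist and the sample lines are constructed assumptions.

```python
"""Flag outbound POSTs to Discord webhook endpoints from processes that are not
the Discord client. Log format and sample lines are constructed for this example."""
import re
from collections import defaultdict

# Constructed sample: one outbound HTTP request per line, recorded by an endpoint
# agent as "<timestamp> <process> <method> <url> <bytes>". ID/TOKEN are placeholders.
SAMPLE_LOG = """\
2022-07-25T10:01:02Z Discord.exe GET https://discord.com/api/v9/users/@me 512
2022-07-25T10:01:05Z svc_update.exe POST https://discord.com/api/webhooks/ID/TOKEN 48213
2022-07-25T10:01:06Z svc_update.exe POST https://discord.com/api/webhooks/ID/TOKEN 2048
2022-07-25T10:02:00Z chrome.exe GET https://example.com/ 1034
2022-07-25T10:03:11Z explorer.exe POST https://discordapp.com/api/webhooks/ID/TOKEN 65000
"""

WEBHOOK_RE = re.compile(r"^https://(?:discord\.com|discordapp\.com)/api/webhooks/", re.I)
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")
# Processes expected to talk to Discord legitimately (assumption; tune per fleet).
ALLOWED_PROCESSES = {"discord.exe", "discord"}


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, proc, method, url, size = m.groups()
    return {"ts": ts, "proc": proc, "method": method, "url": url, "bytes": int(size)}


def find_webhook_exfil(log_text, min_bytes=1024):
    """Return sorted (process, post_count, total_bytes) tuples for processes outside
    ALLOWED_PROCESSES that POST at least min_bytes in total to a Discord webhook."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if not WEBHOOK_RE.match(rec["url"]) or rec["proc"].lower() in ALLOWED_PROCESSES:
            continue
        stats[rec["proc"]][0] += 1
        stats[rec["proc"]][1] += rec["bytes"]
    return sorted((p, c, b) for p, (c, b) in stats.items() if b >= min_bytes)


if __name__ == "__main__":
    for proc, count, total in find_webhook_exfil(SAMPLE_LOG):
        print(f"ALERT {proc}: {count} webhook POST(s), {total} bytes")
```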
Re: (Score:2)
> Don't have one of those either. Clearly the old method of keeping all my passwords in my head is for old people
Tell me you re-use passwords without telling me, etc, etc.
Re: (Score:3)
> Tell me you re-use passwords without telling me, etc, etc.
Actually I just use a mental mash-up with the website I'm using. As an example:
1D0!Search0n!Goole
1L1st3n!T0Music!Spotify
Or something similar. It's mostly a verb (a char) some property of the site (a char) and the site's proper name. Numbers always replace vowels in the verb, only the first O in the second is changed, and the name remains unchanged in the third. The (a char) changes based on the number of times I've changed passwords. So the first password is !/!, the second would be !/@, and so on.
Additionally, "I Do" and
Re: Sounds bad for Firefox (Score:2)
Safe computing (Score:3)
> That's mostly because Windows has the ReadFileEx call for C and everyone else has the sane fopen call. However, in Rust we all get std::fs::File for the basic stuff that this thing would need. I mean, obviously the absolute paths where things are stored change per OS, so that'll need to be in the binary, but the file opening can just be a few lines of Rust.
The irony of it. And Rust was supposed to promote "safe" computing.
Re: (Score:2)
Any tool can be used for good or ill intent. I can use a hammer to build a house or I can use it to bash someone's head in.
You can make malware in any language. That doesn't mean anything for the language chosen.
"Info-Sealer" is the opposite of "Info-Stealer" (Score:2)
Maybe it was wishful thinking going on to rid the world of this malware problem
Where to get the source (for education) (Score:2)
Where to get the source?
Information-sealing (Score:1)
There's a term for that: immutable
If It Was Written In RUST (Score:2)