Why You Should Be Afraid of Luca Stealer Malware


A few weeks ago, on July 3, a new piece of malware joined the already crowded market of spyware specialized in data theft. The newcomer was dubbed “Luca Stealer” by Cyble, the cyber threat intelligence firm that reported its discovery a few days ago.

This is rather disturbing news: after its source code was first published on one cybercriminal forum, the trojan has since become available on other forums. It even has its own GitHub repository, where you can find tips for installing the malware. “The developer probably unveiled the source code of his stealer to build a reputation,” says Cyble.

In search of notoriety

On this point, the malware's presentation text states that development took the developer only six hours, which is a way of showing off. Another clue that the author of the malware is seeking notoriety: the GitHub repository already lists the first press articles about the malware.

Cyble worries that this publication on GitHub “could lead to wider adoption” of the malware. The new, free stealer is indeed likely to attract interest. By way of comparison, the same company noted two months ago that the Eternity stealer was sold as an annual subscription for 260 dollars (i.e. as many euros).

Windows environment

More generally, releasing the source code of malware can lead to the appearance of new, more sophisticated variants. The Mirai botnet is one example: while the original botnet is already six years old, there are still many variants, which emerged following the release of its source code.

The Luca Stealer malware currently targets only Windows environments. Coded in Rust, it goes after passwords, cryptocurrency wallets and credit card data. More specifically, its designer claims that it targets a dozen cryptocurrency wallets, around thirty variants of Chromium and Firefox browsers, a whole series of extensions, and the Discord, Element, ICQ and Skype messaging apps. The stolen data is then exfiltrated via a Telegram bot or to Discord.




