New Rust-based Luca Stealer Malware Targets Web3 Crypto Wallets

A new strain of malware has been detected in the wild that targets Web3 infrastructure and crypto wallets.

The info-stealing malware called Luca Stealer has been spreading since it was first shared on Github on July 3.

The malware affects Microsoft Windows operating systems but it has been written in the Rust programming language making it easy to port to MacOS and Linux.

Cyble Research Labs discovered the Rust-based stealer, detailing the cyber nasty in a report earlier this week. It has now come to the attention of crypto security firms such as Wallet Guard.

Crypto wallets targeted

According to the researchers, Luca Stealer already has been updated three times. Multiple additional functions have been added and more than 25 samples of the source code have been detected in the wild.

Its creators appear to be new actors on hacker forums who have leaked the source code to build a reputation for themselves, they added.

The stealer can target multiple Chromium-based browsers, crypto wallets, chat and messenger applications, and gaming applications. Additional functionality has been inserted in order to steal the victim’s files.

It uses Telegram bots and Discord web-hooks to communicate and send data back to attackers. It targets the Windows AppData folder, looking for the presence of the “logsxc” folder. If not present, the stealer creates the folder with hidden attributes for saving stolen data. It can also modify the Clipboard to attempt to steal crypto by replacing copied wallet addresses with its own.

Luca Stealer targets ten cold crypto wallets, including AtomicWallet, JaxxWallet, and Exodus, having hardcoded the path to them in its source code. It can also target browser extensions of password managers and crypto wallets for more than 20 browsers.

Rust is growing in popularity among cybercriminals as it can be used to write malware quicker and more efficiently than traditional programming languages.

How to protect yourself and your wallet

Windows machines can become infected by downloading suspicious email attachments, dodgy browser extensions, or clicking spurious social media links to malware sites.

Malware is usually spread through phishing and social engineering attacks on social media. Victims are lured into clicking something malicious sent to them or displayed in a fake crypto ad on Facebook or Twitter, for example.

The researchers recommended avoiding downloading any files from untrusted sources. They also suggested clearing browser caches and changing passwords frequently, in addition to having updated software and sturdy antivirus and anti-malware protection.  

Manual removal is possible, but requires advanced knowledge of the Windows registries and file systems. Leading internet security suites and antivirus software are a more reliable options.  

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Share Article

Leave a Reply

Your email address will not be published.