- Jul 27, 2015
A new info-stealer malware is spreading rapidly in the wild as the developer behind it continues to add capabilities and recently released the source code on GitHub.
In addition, the Windows software nasty – dubbed Luca Stealer by the folks at Cyble who detected it – is the latest to be built using the Rust programming language. The researchers wrote in a report that Luca Stealer already has been updated three times, with the developer adding multiple functions, and that they have seen more than 25 samples of the source code in the wild since it was shared via GitHub on July 3, which may lead to wider adoption by the cybercriminal community. "The developer of the stealer appears to be new on the cybercrime forum and likely leaked the source code of the stealer to build a reputation for themselves," the researchers wrote. "The developer has also provided the steps to modify the stealer and compile the source code for ease of use."
They noted that Rust is becoming a go-to programming language for malware developers because of its versatility, cross-platform nature, and that the generated code can seem alien to some reverse engineers and their tools, hindering analysis. The prolific Hive ransomware crew this year migrated its source code from Go to Rust, which analysts with Microsoft's Threat Intelligence Center earlier this month said made the exortionware more stable and more difficult to reverse engineer. Other threat groups also are adopting Rust, including the BlackCat ransomware-as-a-service gang. In addition, Kaspersky security researchers this month wrote about a new ransomware family – Luna – that is written in Rust.