New Rust-based Luca Stealer Malware Targets Web3 Crypto Wallets

A new strain of malware has been detected in the wild that targets Web3 infrastructure and crypto wallets.

The info-stealing malware, called Luca Stealer, has been spreading since its source was first shared on GitHub on July 3.

The malware affects Microsoft Windows operating systems, but because it is written in the Rust programming language it could be ported to macOS and Linux with little effort.

Cyble Research Labs discovered the Rust-based stealer, detailing the cyber nasty in a report earlier this week. It has now come to the attention of crypto security firms such as Wallet Guard.

Crypto wallets targeted

According to the researchers, Luca Stealer has already been updated three times. Multiple additional functions have been added, and more than 25 samples of the source code have been detected in the wild.

Its creators appear to be new actors on hacker forums who have leaked the source code to build a reputation for themselves, they added.

The stealer can target multiple Chromium-based browsers, crypto wallets, chat and messenger applications, and gaming applications. Additional functionality has been inserted in order to steal the victim’s files.

It uses Telegram bots and Discord webhooks to communicate and send data back to attackers. It targets the Windows AppData folder, looking for the presence of a “logsxc” folder. If the folder is not present, the stealer creates it with hidden attributes and uses it to stage stolen data. It can also monitor the clipboard and attempt to steal crypto by replacing a copied wallet address with an attacker-controlled one.

Luca Stealer targets ten cold crypto wallets, including AtomicWallet, JaxxWallet, and Exodus, with the paths to them hardcoded in its source code. It can also target the browser extensions of password managers and crypto wallets across more than 20 browsers.
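The clipboard-swapping behaviour described above can be spotted from the defender's side by watching for a wallet address that changes into another address of the same format without the user having copied anything. The following is an added example, not code from the report or from the malware: it assumes clipboard snapshots are collected by a separate hook (the `user_copied` flag is a hypothetical signal from such a hook), and the sample snapshots and addresses are constructed.

```python
import re
from dataclasses import dataclass

# Heuristic address formats (assumption: only the common BTC and ETH shapes are covered).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[a-z0-9]{25,62}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_kind(text):
    """Return the address format name if `text` looks like a wallet address, else None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


@dataclass
class Snapshot:
    t: float            # seconds since monitoring started
    content: str        # clipboard text at that moment
    user_copied: bool   # hypothetical: True if a user copy event (Ctrl+C) caused this change


def detect_swaps(snapshots, window=5.0):
    """Flag (time, original, replacement) when an address is silently replaced by another
    address of the same kind within `window` seconds and no user copy event explains it."""
    alerts = []
    prev = None
    for snap in snapshots:
        if prev is not None and snap.content != prev.content and not snap.user_copied:
            before, after = address_kind(prev.content), address_kind(snap.content)
            if before is not None and before == after and snap.t - prev.t <= window:
                alerts.append((snap.t, prev.content.strip(), snap.content.strip()))
        prev = snap
    return alerts


# Constructed sample: the user copies an ETH address, and 200 ms later the clipboard
# holds a different ETH address although no copy event occurred (the swap pattern).
USER_ETH = "0x" + "ab" * 20
ATTACKER_ETH = "0x" + "cd" * 20
SAMPLE = [
    Snapshot(0.0, "meeting notes", True),
    Snapshot(1.0, USER_ETH, True),
    Snapshot(1.2, ATTACKER_ETH, False),          # silent replacement: should alert
    Snapshot(9.0, "bc1" + "q" * 30, True),       # user copies a BTC address: fine
    Snapshot(30.0, "hello", True),               # ordinary text: fine
]

if __name__ == "__main__":
    for t, original, replacement in detect_swaps(SAMPLE):
        print(f"t={t}s clipboard address replaced: {original} -> {replacement}")
```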

Rust is growing in popularity among cybercriminals as it can be used to write malware quicker and more efficiently than traditional programming languages.

How to protect yourself and your wallet

Windows machines can become infected by opening suspicious email attachments, installing dodgy browser extensions, or clicking spurious social media links that lead to malware sites.

Malware is usually spread through phishing and social engineering attacks on social media. Victims are lured into clicking something malicious sent to them or displayed in a fake crypto ad on Facebook or Twitter, for example.

The researchers recommended avoiding downloading any files from untrusted sources. They also suggested clearing browser caches and changing passwords frequently, in addition to keeping software updated and running sturdy antivirus and anti-malware protection.

Manual removal is possible, but it requires advanced knowledge of the Windows registry and file system. Leading internet security suites and antivirus software are a more reliable option.

The post New Rust-based Luca Stealer Malware Targets Web3 Crypto Wallets appeared first on BeInCrypto.
