Source code for Rust-based malware leaks on hacking forums

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


The source code for an info-stealing malware based on Rust has leaked on hacking forums.

Security analysts claim the malware is actively used in attacks and it appears to have a high antivirus evasion rate. VirusTotal returns a detection rate of around 22 percent.

The developer claims to have developed the malware in just six hours. Despite being based on Rust, the malware currently only targets Windows machines.

Cybersecurity firm Cyble analysed the malware and named it Luca Stealer.

Cyble found Luca Stealer “can target multiple Chromium-based browsers, chat applications, crypto wallets, and gaming applications and has the added functionality of stealing victims’ files.”

In total, Luca Stealer targets:

  • 31 browsers
  • 17 password managers
  • 19 browser crypto wallets
  • 10 “cold” crypto wallets
  • 7 applications (Steam, ICQ, Telegram, Skype, Element, Discord, and Uplay)

The malware was designed to exfiltrate stolen data using a Telegram bot. However, due to the limitation of only being able to upload data in sizes up to 50 MB, compatibility with Discord webhooks was added to the stealer.

All data is compressed in a ZIP archive and is accompanied by a summary of what’s included so the attacker can get a quick idea of their loot.

“As the stealer is written in Rust and is released for free, we can expect it to be adopted by multiple threat actors across the world,” adds Cyble.

If you do seek out the source code, please only use it for research purposes.

(Photo by Ed Hardie on Unsplash)

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *