New malware steals cryptocurrencies, passwords and files from your computer

With more than 25 samples detected in the wild, the malware named Luca Stealer is becoming a serious threat to digital security. This was confirmed by Cyble, a company dedicated to real-time cybercrime monitoring.

In short, the malware targets various Chromium-based browsers. But that’s not all: it also targets messaging apps, cryptocurrency wallets and gaming applications and, more recently, has gained the ability to steal files from its victims. A very versatile piece of software, demonstrating the capabilities of its programming language.

Luca Stealer was developed in Rust and has a detection rate of 22%. But that’s not the worst of it. It turns out that the developer behind the malicious code made it accessible to everyone by publishing the source code on GitHub, where many have taken the opportunity to grab it and adapt it to their own needs.

So far, Luca Stealer’s code has been updated three times. The creator also kindly posted a tutorial so that anyone with the necessary knowledge can modify the malware and use the code for their own purposes. According to Cyble, the malware was still being updated at the time of the report.

Luca Stealer, the unknown malware terrifying IT experts

Nothing is safe from Luca Stealer’s claws. The aforementioned company reported that, since its discovery, it has attempted to steal information from more than 20 Chromium-based browsers. The focus is, unsurprisingly, on credit card data, login credentials and browser cookies.

It has also been detected targeting Discord, Ubisoft Play and Telegram. It was also reported to be capable of stealing information from both “cold” and “hot” cryptocurrency wallets. The latter are of course more exposed because they are browser extensions.

What is Luca Stealer’s modus operandi? The malware is known to install itself on the computer as an external extension in the browser of your choice. Like a parasite, it then starts stealing data from other apps on the system, even taking screenshots and saving them as .png files for use by the operators.

Each browser extension has a unique ID, which can be used to locate the relevant extensions in the browser’s profile folder under “AppData”. The stealer takes the extensions listed in the figure below if they are present on the victim’s system.

Well-known cryptocurrency wallets such as MetaMask, iWallet, BinanceChain and others are Luca Stealer’s main targets. When it comes to password managers, we also find Norton Password Manager, 1Password, NordPass, LastPass and many more on the list. A real horror to fall into the hands of this malware.
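Since the stealer locates wallet and password-manager extensions by their IDs under the browser’s profile folder, a defender can watch for the mirror image of that behaviour: a process that is not the browser itself reading extension storage for high-value extension IDs. The following is an added example written for this article, not code from Cyble or from the malware project. It assumes endpoint telemetry that records file accesses as JSON events with `image` (the accessing process) and `target` (the file path) fields, and the extension IDs on the watchlist are constructed placeholders, not the real IDs of any product.

```python
import json
from pathlib import PureWindowsPath

# Processes expected to touch a Chromium profile directory (constructed allowlist).
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}

# Watchlist of extension IDs. Chromium IDs are 32 characters from a-p; these
# two values are placeholders standing in for a wallet and a password manager.
PLACEHOLDER_WALLET_ID = "a" * 32
PLACEHOLDER_PWMANAGER_ID = "b" * 32
WATCHLIST = {
    PLACEHOLDER_WALLET_ID: "placeholder wallet extension",
    PLACEHOLDER_PWMANAGER_ID: "placeholder password manager extension",
}

# Profile sub-folders whose next path component is an extension ID.
PROFILE_SUBDIRS = {"Extensions", "Local Extension Settings", "Sync Extension Settings"}
ID_ALPHABET = set("abcdefghijklmnop")


def extension_id_from_path(path):
    """Return the extension ID embedded in a Chromium profile path, or None.
    Expected shape: ...\\User Data\\<Profile>\\<subdir>\\<ext_id>\\..."""
    parts = PureWindowsPath(path).parts
    if "User Data" not in parts:
        return None
    for i, part in enumerate(parts[:-1]):
        if part in PROFILE_SUBDIRS:
            candidate = parts[i + 1].lower()
            if len(candidate) == 32 and set(candidate) <= ID_ALPHABET:
                return candidate
    return None


def classify(event):
    """Return an alert dict when a non-browser process reads watchlisted extension data."""
    image = PureWindowsPath(event["image"]).name.lower()
    if image in BROWSER_IMAGES:
        return None  # the browser reading its own profile is normal
    ext_id = extension_id_from_path(event["target"])
    if ext_id is None or ext_id not in WATCHLIST:
        return None
    return {
        "time": event["time"],
        "process": image,
        "extension_id": ext_id,
        "extension": WATCHLIST[ext_id],
        "path": event["target"],
    }


def scan(events):
    """Run classify() over an iterable of telemetry events and collect alerts."""
    return [alert for alert in map(classify, events) if alert is not None]


# Constructed sample telemetry: one benign browser access, one benign access to
# a non-watchlisted extension, and one suspicious read by an unknown binary.
SAMPLE_EVENTS = [json.loads(line) for line in f"""\
{{"time": "10:00:01", "image": "C:\\\\Program Files\\\\Chrome\\\\chrome.exe", "target": "C:\\\\Users\\\\u\\\\AppData\\\\Local\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Local Extension Settings\\\\{PLACEHOLDER_WALLET_ID}\\\\000003.log"}}
{{"time": "10:00:02", "image": "C:\\\\Users\\\\u\\\\Downloads\\\\update.exe", "target": "C:\\\\Users\\\\u\\\\AppData\\\\Local\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Extensions\\\\{'c' * 32}\\\\1.0_0\\\\manifest.json"}}
{{"time": "10:00:03", "image": "C:\\\\Users\\\\u\\\\Downloads\\\\update.exe", "target": "C:\\\\Users\\\\u\\\\AppData\\\\Local\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Local Extension Settings\\\\{PLACEHOLDER_WALLET_ID}\\\\000003.log"}}
""".splitlines()]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The rule deliberately keys on the process rather than on the file alone, because the browser itself reads these folders constantly. Its blind spot follows from the article’s description: a stealer that runs inside the browser process, as a malicious extension would, is not separated from the browser by this check, so it is best paired with an inventory of installed extensions and with the network-level monitoring recommended below.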

Is anyone safe from Luca Stealer?

As usual, the main victims appear to be Windows users. Those who use Linux or macOS as their main operating system have been found to be outside Luca Stealer’s scope. It is even said that, thanks to its use of Rust as a programming language, this malware cannot compromise the data of these users.

Be warned, though: Luca Stealer may well be ported to other systems in the future. After all, the code is now in the hands of potentially millions of people, so anyone with enough knowledge can extend the malware.

Recommendations for your protection

Cyble has a range of recommendations you should follow to keep your privacy as intact as possible. Of course, it is not always possible to protect yourself from this malware, but we are urged to do everything we can.

  • Avoid downloading files from untrusted sources.
  • Clear browsing history and reset passwords at regular intervals.
  • Activate the automatic software update function on your computer, mobile and other connected devices.
  • Use reputable antivirus and internet security software on your connected devices, including your computer, laptop and mobile.
  • Avoid opening links and attachments from untrustworthy emails without verifying their authenticity.
  • Teach employees how to protect themselves from threats such as phishing or untrusted URLs.
  • Block URLs that can be used to distribute malware, e.g. Torrent/Warez sites.
  • Monitor network-level beacons to block data exfiltration by malware or threat actors (TAs).
  • Enable a Data Loss Prevention (DLP) solution on employee systems.
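The recommendation to monitor network-level beacons is easiest to act on with a concrete rule. The example below is added for this article and is not Cyble’s tooling: it parses constructed proxy log lines of the form `timestamp source method host bytes_out`, groups outbound requests by (source, destination), and flags pairs that check in at nearly regular intervals, which is the signature of a stealer or implant calling home. The hostnames, addresses and thresholds are all assumed values for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed log format: ISO timestamp, source IP, HTTP method, destination host, bytes sent.
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<bytes>\d+)$")


def parse_log(text):
    """Yield one record per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        yield {
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"],
            "method": m["method"],
            "host": m["host"],
            "bytes": int(m["bytes"]),
        }


def detect_beacons(records, min_hits=4, max_jitter=0.2):
    """Flag (src, host) pairs whose inter-request gaps are near-constant.

    jitter = population stddev of gaps / mean gap; a human browsing session has
    jitter well above 1, a timer-driven check-in sits close to 0.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["host"])].append(r)

    alerts = []
    for (src, host), rs in by_pair.items():
        if len(rs) < min_hits:
            continue  # too few observations to call it periodic
        rs.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(rs, rs[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            alerts.append({
                "src": src,
                "host": host,
                "hits": len(rs),
                "interval_s": round(avg, 1),
                "jitter": round(jitter, 3),
                "bytes_out": sum(r["bytes"] for r in rs),
            })
    return alerts


# Constructed sample log: one host contacted every ~60 s with similar-sized POSTs,
# one host contacted at irregular human-like intervals, and one seen only twice.
SAMPLE_LOG = """\
2022-01-01T10:00:00 10.0.0.5 POST beacon-placeholder.example 4096
2022-01-01T10:00:05 10.0.0.5 GET news.example 512
2022-01-01T10:00:09 10.0.0.5 GET news.example 640
2022-01-01T10:01:00 10.0.0.5 POST beacon-placeholder.example 4110
2022-01-01T10:01:30 10.0.0.5 GET news.example 700
2022-01-01T10:02:00 10.0.0.5 POST beacon-placeholder.example 4102
2022-01-01T10:02:10 10.0.0.5 GET updates.example 300
2022-01-01T10:03:01 10.0.0.5 POST beacon-placeholder.example 4130
2022-01-01T10:04:00 10.0.0.5 POST beacon-placeholder.example 4099
2022-01-01T10:05:00 10.0.0.5 GET news.example 800
2022-01-01T10:05:03 10.0.0.5 GET news.example 450
2022-01-01T10:05:30 10.0.0.5 GET updates.example 300
this line is malformed and must be ignored
"""

if __name__ == "__main__":
    for alert in detect_beacons(parse_log(SAMPLE_LOG)):
        print(alert)
```

Low jitter alone is not proof of malice (software updaters and monitoring agents also poll on timers), so the `bytes_out` total and the POST-heavy method mix are kept in the alert to help triage: a stealer sends data out, whereas a legitimate poller mostly receives it. Tuning `min_hits` and `max_jitter` against a day of known-good traffic is the first step before turning the rule into a blocking control.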
