new malware steals cryptocurrencies, passwords and files from your computer

With more than 25 samples detected in the wild, the malware has been dubbed Luca Stealer is becoming a serious threat to digital security. This was confirmed by Cibile a company dedicated to monitoring cybercrime in real time.

To summarise, the malware is capable of attacking several Chromium-based browsers. But that’s not all, it can also attack messaging apps, wallets of cryptocurrencies, gaming applications and, more recently, the possibility of stealing files from its victims. A very versatile system, which demonstrates the capabilities of its programming language.

Developed in Rust, Luca Stealer has a 22% detection rate. But that’s not the worst. It turns out the developer behind the malicious code made it accessible to everyone by publishing the source code on GitHub, where many took the opportunity to grab it and shape it.

Luca Stealer’s code has been updated three times so far. Also, its creator kindly posted a tutorial so anyone with knowledge of it can modify the malware and exploit the code for your own purposes. In fact, according to Cyble, the malware was still being updated at the time of the report.

Luca Stealer, the unknown malware that terrifies computer experts


Nothing is safe from Luca Stealer’s clutches. The aforementioned media reported that from the detection of him, attempted to steal information from over 20 Chromium-based browsers. Of course, the focus is on credit card data, login credentials and browser cookies.

However, he has it too was detected on Discord, Ubisoft Play, Telegram. It has also been reported that he has been able to steal information since wallets of “cold” and “hot” cryptocurrencies. The latter, of course, are riskier because they are browser extensions.

What is Luca Stealer’s modus operandi? Malware is known it installs on your computer as an external extension in the browser of your choice. As a twitch, it starts stealing data from other apps on the system, even taking screenshots and saving them as .png for use by remote operators.

Each browser extension has a unique ID, which can be used to find the necessary extensions in the browser folder in the “AppData” directory. The thief takes the extensions mentioned in the figure below if they are present on the victim’s system.

Famous cryptocurrency wallets such as MetaMask, iWallet, BinanceChain and others are Luca Stealer’s primary goals. When it comes to password managers, we also find Norton Password Manager, 1Password, NordPass, LastPass, and many more on its list. A real terror to fall into the hands of this malware.

Is anyone safe from Luca’s thief?

The main people affected appear to be Windows users as usual. Therefore, it has been found that those using Linux or macOS as their primary operating systems fall outside the scope of Luca Stealer. In fact, it is not certain that, thanks to the use of Rust as a programming language, this malware will not be able to compromise the information of these users.

Caution, it is not excluded that in the future Luca Stealer may evolve towards other systems. After all, the code is now potentially in the hands of millions of people, so anyone with enough knowledge can advance the malware.

Recommendations for your protection

Cyble has released a series of recommendations to follow to keep your privacy as intact as possible. Of course, it is not always possible to protect yourself from the virus, but we are asked to do everything possible.

  • Avoid downloading files from untrusted sources.
  • Clear your browsing history and reset your passwords at regular intervals.
  • Enable the automatic software update function on your computer, mobile device and other connected devices.
  • Use reliable antivirus and internet security software on your connected devices, including computers, laptops and mobile devices.
  • Avoid opening untrustworthy links and attachments in emails without verifying their authenticity.
  • Teach employees how to protect themselves from threats such as phishing or untrusted URLs.
  • Blocks URLs that can be used to distribute malware, such as Torrent / Warez.
  • Monitor the beacon at the network level to block data exfiltration by malware or TA.
  • Enable the Data Loss Prevention (DLP) solution on employee systems.

Leave a Comment