A new infostealer is gaining traction after its source code was shared earlier this month on cybercrime forums. Researchers suggest that the malware developers took this step as a marketing ploy to build a reputation and boost future sales.
The malware developer has also included instructions on how to edit this Rust-based stealer and compile its source code. At the time of writing, the malware author had already updated the stealer at least three times, adding new functions.
Security analysts have detected more than 25 samples of Luca stealer in the wild since the beginning of July. To detect suspicious behavior associated with this fast-growing malware family, use the Sigma rule released by top-tier content contributor Osman Demir:
This Sigma-based detection has translations for 19 SIEM, EDR & XDR platforms.
The rule is aligned with the MITRE ATT&CK® framework v10, addressing the Discovery tactic with File and Directory Discovery (T1083) as the primary technique.
Crafting your own content? Join forces with the world’s largest cyber defense community of 23,000+ experts powered by the Threat Bounty Program to get professional guidance and earn a stable income by sharing your detection content.
To detect other possible security holes within your environment, see the full list of rules available in the Threat Detection Marketplace repository of the SOC Prime Platform: the View Detections button will provide you with access to 200,000+ unique and context-enriched content items. Browse SOC Prime’s cyber threats search engine to instantly access Sigma rules to detect the malicious activity associated with Luca malware enriched with in-depth contextual metadata, such as MITRE ATT&CK® and CTI references, CVE descriptions, and more relevant threat context.
The initial research by Cyble security analysts reveals that the malware targets Windows systems and can steal victims' data, including cryptocurrency wallet data and credentials, and exfiltrate information from messaging applications such as Telegram, Skype, ICQ, Element, and Discord. Luca stealer also targets Chromium-based browsers and collects system information.
Evidence suggests that the malware, currently available free of charge, is gaining popularity with numerous threat actors, some of whom are taking part in its further development.
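As an added illustration of what a T1083-style detection for this kind of stealer looks like in practice (this is not the Sigma rule by Osman Demir referenced above, nor code from SOC Prime or Cyble), the following Python evaluates a hypothetical Sigma-style "selection and not filter" rule over a few constructed file-access events that use Sigma's Image and TargetFilename field names. The target paths (the Chromium "Login Data" credential store, the Local Storage\leveldb directory used by Chromium and Discord, Telegram Desktop's tdata folder), the allow-list of legitimate owning processes and the two-store threshold are assumptions chosen to fit the data stores the page says Luca goes after; tune them to your own telemetry before deploying anything like it.

```python
"""Toy Sigma-style matcher for stealer data-store discovery (T1083).

Hypothetical rule and constructed events, for illustration only; this is not
the published Luca stealer rule or any vendor's code.
"""
from collections import defaultdict

# Hypothetical rule written in Sigma's selection/filter style.
# Assumption: these are paths a Windows stealer would enumerate to reach
# browser, Discord and Telegram data; they are not taken from the page's rule.
RULE = {
    "title": "Hypothetical stealer data-store discovery",
    "tags": ["attack.discovery", "attack.t1083"],
    "selection": {
        "TargetFilename|contains": [
            "\\Login Data",               # Chromium saved-credential database
            "\\Local Storage\\leveldb",   # Chromium / Discord local storage (tokens)
            "\\Telegram Desktop\\tdata",  # Telegram Desktop session data
        ],
    },
    # Processes that legitimately own these files (assumed allow-list).
    "filter": {
        "Image|endswith": ["\\chrome.exe", "\\msedge.exe",
                           "\\Telegram.exe", "\\Discord.exe"],
    },
    # One process touching several unrelated stores is the stealer signal;
    # a single hit is too noisy on its own (threshold is an assumption).
    "min_distinct_stores": 2,
}


def _match_value(value: str, modifier: str, patterns) -> bool:
    """Case-insensitive match of one field value against a list of patterns
    (a list in Sigma is an implicit OR)."""
    v = value.lower()
    for p in patterns:
        p = p.lower()
        if modifier == "contains" and p in v:
            return True
        if modifier == "endswith" and v.endswith(p):
            return True
        if modifier == "startswith" and v.startswith(p):
            return True
        if modifier == "" and v == p:
            return True
    return False


def match_block(event: dict, block: dict) -> bool:
    """Every field in a Sigma block must match (implicit AND)."""
    for key, patterns in block.items():
        field, _, modifier = key.partition("|")
        value = event.get(field)
        if value is None or not _match_value(str(value), modifier, patterns):
            return False
    return True


def evaluate(events, rule=RULE):
    """Apply 'selection and not filter', then aggregate per process.

    Returns {Image: sorted list of distinct store patterns touched} for every
    process that touched at least rule["min_distinct_stores"] stores.
    """
    hits = defaultdict(set)
    store_patterns = rule["selection"]["TargetFilename|contains"]
    for ev in events:
        if match_block(ev, rule["selection"]) and not match_block(ev, rule["filter"]):
            target = ev["TargetFilename"].lower()
            for p in store_patterns:
                if p.lower() in target:
                    hits[ev["Image"]].add(p)
    return {img: sorted(s) for img, s in hits.items()
            if len(s) >= rule["min_distinct_stores"]}


# Constructed sample events (not real telemetry). A browser reading its own
# store, a suspicious Temp binary sweeping three stores, and explorer.exe
# touching a single Telegram file.
EVENTS = [
    {"Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "TargetFilename": "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"Image": "C:\\Users\\u\\AppData\\Local\\Temp\\update.exe",
     "TargetFilename": "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"Image": "C:\\Users\\u\\AppData\\Local\\Temp\\update.exe",
     "TargetFilename": "C:\\Users\\u\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\000003.log"},
    {"Image": "C:\\Users\\u\\AppData\\Local\\Temp\\update.exe",
     "TargetFilename": "C:\\Users\\u\\AppData\\Roaming\\Telegram Desktop\\tdata\\key_datas"},
    {"Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\u\\AppData\\Roaming\\Telegram Desktop\\tdata\\key_datas"},
]

if __name__ == "__main__":
    for image, stores in evaluate(EVENTS).items():
        print(f"[{RULE['tags'][1]}] {image} touched {len(stores)} stores: {stores}")
```

Only the Temp binary is reported: chrome.exe is dropped by the filter, and explorer.exe touches a single store and stays under the threshold. The aggregation step is the part most Sigma backends express as a count-by condition; if your SIEM cannot aggregate, expect to alert on the single-event form and accept the extra noise.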
Efficient security solutions are indispensable to every cybersecurity professional's toolkit for keeping systems hard to breach. Leverage the benefits of collaborative cyber defense by joining our global cybersecurity community at SOC Prime's Detection as Code platform. Get accurate and timely detections delivered by seasoned professionals from around the world to stay up to date on threat hunting, supercharge your SOC team's operations and establish a defense-in-depth posture.