Cyble researchers spotted a new Rust-based infostealer, named Luca Stealer. The source code of the malware has been released for free on hacker forums. Luca Stealer is being actively used by threat actors.

Diving into the details

  • The source code for Luca Stealer was leaked on July 3.
  • The researchers have identified 25 malware samples built on this source code in the wild.
  • The stealer can target various Chromium-based browsers, chat apps, gaming apps, and cryptocurrency wallets.
  • Earlier, the stealer was built to pilfer data using a Telegram bot. However, since it can upload data only up to 50MB, the developer made it compatible with Discord webhooks.
  • The author claimed that the malware was developed only in six hours. It shows a detection rate of 22% on VirusTotal. 

Why this matters

Luca Stealer’s developer is probably new on the cybercrime forum and has leaked the source code to build a reputation for themselves. They have, furthermore, provided steps to alter the stealer and compile the source code. It has been updated thrice and the developer is constantly adding multiple capabilities. 


  • Luca Stealer is special in the way that it can steal locally stored data for 17 applications as it focuses on password manager browser extensions.
  • In addition to this, it captures screenshots and saves them as a PNG file, and sends the details to the operators. 
  • However, it lacks the clipper used to alter clipboard contents to hijack crypto transactions, unlike most infostealers.

The bottom line

Based on the samples detected, it is yet unknown whether Luca Stealer will be widely adopted by cybercriminals. However, the fact that it is free while most infostealers come at a price, might act as a driver. Although the stealer is coded in Rust, it can only target Windows OS. Researchers anticipate seeing further improvements in the malware.
Cyware Publisher