Luca Stealer malware Removal Guide
What is Luca Stealer malware?
Luca Stealer malware: a dangerous threat that can steal your valuable data
Luca Stealer is a menacing malware that has been recently discovered by security researchers at Cyble. According to the report, the virus stems from an already existing malware written in Rust, which operates as a data stealer. Since the source code of this malware was published on GitHub for everybody to see on July 3, 2022, it seems like other parties decided to make it their own and now are actively spreading Luca Stealer around.
The main purpose of the virus is to steal various data using exfoliation techniques. The main targets of malware are those who enjoy gaming and are into crypto, as it collects account details of various gaming platforms, crypto-wallets, chat applications, Chrome-related data, and similar. Even though its detection levels are currently relatively low, it is recommended to remove the Luca Stealer virus as soon as possible, as serious privacy issues could be experienced by those affected.
|Symptoms||No symptoms are present on the infected computer|
|Capabilities||Steals data from multiple communication platforms, gaming platforms, and browsers. Can take screenshots and determine user's personal information|
|Dangers||Personal information disclosure to cybercriminals, account loss, financial losses, identity theft|
|Removal||Perform a full system scan with SpyHunter 5Combo Cleaner security software|
|System fix||Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the OS and avoid its reinstallation, we recommend scanning it with the ReimageIntego repair tool|
Luca Stealer analysis
Rust is a cross-platform programming language, which allows the info-stealer to expand its operations to a much larger scale potentially. However, since malware is relatively new, it is currently only operating on Windows operating systems, so users who run use this platform should be wary.
According to researchers at Cyble, the developer of the stealer malware is relatively new to the hacker forums, although they already provided instructions on how to modify it:
The developer of the stealer appears to be new on the cybercrime forum and likely leaked the source code of the stealer to build a reputation for themselves. The developer has also provided the steps to modify the stealer and compile the source code for ease of use. The stealer has been updated thrice, and the malware developer is continuously adding multiple functionalities at the time of our analysis.
While the malware strain is relatively new, its data-stealing capabilities are quite broad. First of all, it targets 30 Chromium-based browsers, including Chrome, Opera, MS Edge, Vivaldi, Dragon, Brave, and more. Most users rely on Chromium-based browsers nowadays, so choosing it was not accidental. Malware can pick up and deliver passwords, credit card details, and other crucial information harvested from browsers.
Luca Stealer also affects other applications installed on the system, such as communication apps (Skype, ICQ, Telegram, Element, Steam, Discord), gaming apps (Uplay), crypto add-ons installed on the browser (Coin98, Coinbase Wallet, BitApp Wallet, OneKey, Nabox Wallet, etc.), and even password managers (1Password, Norton Password Manager, Dashlane, KeePassXC, Bitwarden, etc.), which is relatively uncommon for this type of malware.
Besides sensitive details, the malware also collects a variety of technical details about the device used. For example, it uses “distro_os” function to get the name of the operating system distribution or version, while “devicename” is used to get the device name used to identify the device for Bluetooth pairing. In addition, it collects information about network transmission rates, total memory, a list of running processes, and more.
The data stealing process is done via Discord or Telegram bots – the former will be used if the collected data exceeds 50MB. It is worth noting that the large size of data may come from the fact that the malware makes screenshots and saves them as PNG files. All the collected files are packed into a ZIP archive, which is then named based on the contents inside, making it easier for the attackers to access the information they need.
How do trojans spread, and how to avoid them?
A trojan is an umbrella term for a type of malware that's defined by its distribution rather than functionality. In this case, we are, of course, talking about an info-stealer, although ransomware, for example, may also be identified as such. To make it clear, a trojan is defined by the fact that users believe they are installing something harmless, while in reality, they are letting malware infiltrate their device.
As such, there could be plenty of methods that can put users in such a situation, for example, malicious spam email might include a misleading message and an attachment, which would look like it was delivered from a reputable company or from a person a victim already knows. While the victim believes that the attachment is safe, opening it would immediately download and install a malicious payload on their machine.
Trojans can also be spread in the following ways:
- Repacked software
- Pirated programs and software cracks
- Fake updates
- Malicious ads, etc.
To avoid being a victim of a trojan attack such as Luca Stealer, you should always be vigilant and follow the best security practices. For example, you should never download pirated software or cracks, as the infection rate of various malware – not only Luca Stealer – is likely.
Employing effective ad-blockers might prevent the execution of malicious ads and fake updates, although it is not a secret that you should never download software from random websites which claim that something is missing or needs to be updated.
Luca Stealer malware removal
We strongly recommend performing automatic Luca Stealer removal, as complex malware samples are difficult to detect and remove manually, at least for regular computer users. Instead, go ahead and download SpyHunter 5Combo Cleaner or Malwarebytes security software and initiate a full system scan (don't forget to update the definition database, as malware is relatively new). If you still want to attempt manual elimination, follow the steps at the bottom of this post.
Once the infection is terminated, you have to remember that your personal data may be compromised. First of all, we recommend you change passwords on all your accounts immediately – it should secure your accounts from further compromise. You should also monitor your online banking and expect to receive more malspam, as well as targeted phishing attacks.
Finally, we recommend you run a scan with ReimageIntego – it can find damaged system files and repair them for you quickly, so you don't have to worry about crashes, errors, and other common issues caused by malware infections.
Getting rid of Luca Stealer malware. Follow these steps
Access Safe Mode to remove malware from Windows
If malware is not letting you use antivirus in normal mode, access Safe Mode and perform a full system scan from there.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Click Restart.
- Press 5 or click 5) Enable Safe Mode with Networking.
Once you reach Safe Mode, launch SpyHunter 5Combo Cleaner, Malwarebytes, or another reputable antivirus, update it with the latest definitions, and perform a full system scan to eradicate malware and all its malicious components.
How to prevent from getting malware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.