Luca Stealer Spreads via a Microsoft Crypto Wallet Phishing Site

Microsoft Crypto Wallet Scam Spreads Luca Stealer
A new phishing campaign targeting cryptocurrency users

With the ever-increasing number of cyber threats, hackers and cybersecurity specialists are taking the initiative. This time, cybercriminals got ahead of the curve. They created a phishing website to coincide with the news that Microsoft was developing a crypto wallet exclusively for its Edge browser. The scheme is used to spread Luca Stealer.

Microsoft Crypto Wallet Scam Spreads Luca Stealer

Not so long ago, news broke on the internet that Microsoft is working on a crypto wallet for its Edge browser. This news is sure to interest cryptocurrency users. But you know who else is interested in it? That's right, cybercriminals. The resourceful guys immediately figured out what was happening and created a website that looked as much like Microsoft's legitimate site as possible. Cybersecurity researchers came across this website and analyzed it. Unlike third-rate phishing sites, this one had a convincing appearance, a web address of hxxps[:]//microsoft-en[.]com/cryptowallet/, SSL certificates, and all-known logic. The website offers the user a download of a beta version of the crypto wallet. However, instead of the claimed software, the user received malware.

Phishing website

Luca Stealer Analysis

In this case, the scammers are distributing Luca Stealer. Specialists identified it by similarities between the code of the malware they found and that of Luca Stealer. However, Luca is open source, and users can find it on platforms like GitHub or TOR. It is a relatively new stealer, written in Rust and first spotted in 2022. Its job is to collect valuable data such as crypto wallet details and other personal information. The following are the browsers, crypto wallets, and extensions this malware attacks.

Web browsers

CentBrowser | Iridium | QIP Surf | Chrome Canary
Sleipnir 5 | Vivaldi | Elements Browser | CocCoc Browser
Torch | Opera Stable | Brave | Kometa
Edge | CocMedia | Google Chrome | Mapple Studio
CozMedia | ChromePlus | Atom | Chromium
UC Browser | Opera GX | WooGamble | Opera
Dragon (Comodo Dragon) | Chrome SxS | 7Star | Sputnik
Epic Privacy Browser | Chedot | Carrera | Citrio
Orbitum | Chrome

Browser extensions

1Password | Avira Password Manager | BitApp Wallet | BitClip
Bitwarden | BinanceChain | BrowserPass | Byone
Clover Wallet | Coin98 | Coinbase Wallet | CommonKey
Cyano Wallet | Cyano Wallet Pro | DAppPlay | Dashlane
EOS Authenticator | EQUAL Wallet | Guarda | Hycon Lite Client
ICONex | KHC | KeePassXC | Keeper
Keplr | LastPass | Leaf Wallet | Liquality Wallet
Math Wallet | MEW CX | MetaMask | MYKI
Nabox Wallet | Nash Extension | NeoLine | NordPass
Nifty Wallet | Norton Password Manager | OneKey | Polymesh Wallet
RoboForm | Sollet | Splikity | Steem Keychain
TezBox | Terra Station | TronLink | Trezor Password Manager
Wombat | Yoroi | ZilPay | Zoho Vault

Crypto wallets

  • Atomic Wallet
  • ByteCoin
  • Electrum
  • Exodus
  • JaxxWallet

In addition to cryptocurrency, malware is interested in banking data such as IBANs. This creates additional risks for those involved in banking transactions.

Data exfiltration

Once the data is collected, Luca Stealer begins compressing the data for easier transmission. The malware uses the Telegram messaging platform as a covert communication channel. Using a Telegram bot, it discreetly sends stolen data and some statistical information about the stolen data to the operator. It also sends messages to the chat room.
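A defender can hunt for this channel in egress logs. The sketch below is an added example, not code from the original article or from Luca Stealer: it flags Telegram Bot API calls made by processes that are not approved to use them. It assumes a TLS-inspecting proxy or EDR that records process name and full URL; the log layout, host names, process names and tokens are constructed, and the allowlist entry is hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: only this approved automation may call the Bot API on the fleet.
ALLOWED_PROCESSES = {"ops-notifier.exe"}

# Bot API requests use the path /bot<id>:<secret>/<method>.
BOT_PATH = re.compile(r"^/bot(?P<token>\d+:[\w-]+)/(?P<method>\w+)$")
# Methods that carry files, i.e. the likely vehicle for a compressed archive.
UPLOAD_METHODS = {"senddocument", "sendmediagroup", "sendphoto"}

# Constructed sample lines: time host process http_method url bytes_out
SAMPLE_LOG = """\
2023-04-02T10:01:11Z WS-014 ops-notifier.exe POST https://api.telegram.org/bot111111:AAExampleTokenA/sendMessage 212
2023-04-02T10:03:40Z WS-022 wallet_beta_setup.exe POST https://api.telegram.org/bot222222:AAExampleTokenB/sendMessage 640
2023-04-02T10:03:42Z WS-022 wallet_beta_setup.exe POST https://api.telegram.org/bot222222:AAExampleTokenB/sendDocument 1843200
2023-04-02T10:05:00Z WS-030 chrome.exe GET https://web.telegram.org/k/ 0
"""

def find_bot_api_exfil(log_text, allowed=ALLOWED_PROCESSES):
    """Return one finding per Bot API request from a non-allowlisted process."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed or truncated lines
        ts, host, proc, _verb, url, bytes_out = parts
        u = urlsplit(url)
        m = BOT_PATH.match(u.path)
        if (u.hostname or "").lower() != "api.telegram.org" or not m:
            continue  # ordinary Telegram web/client traffic is not the Bot API
        if proc.lower() in allowed:
            continue
        method = m.group("method")
        findings.append({
            "time": ts, "host": host, "process": proc, "method": method,
            # Keep only the numeric bot id; the secret part is not logged again.
            "bot_id": m.group("token").split(":")[0],
            "bytes_out": int(bytes_out),
            "severity": "high" if method.lower() in UPLOAD_METHODS else "medium",
        })
    return findings

if __name__ == "__main__":
    for finding in find_bot_api_exfil(SAMPLE_LOG):
        print(finding)
```

The numeric bot id in each finding is useful for correlating hosts hit by the same operator, since every victim of one build reports to the same bot.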

Why Luca Stealer?

Since the source code of Luca Stealer was leaked to the public, attackers can modify it, optimize it and add new functionality. After a more detailed analysis, experts discovered an unusual AntiVM method. Luca Stealer checks the system temperature before starting to execute. Since virtual machines usually generate an error when such a request is made, the malware can tell whether it is on a virtual machine or on a live system. However, this trick only makes the analysis longer rather than impossible. It is not hard to make the VM respond properly to the request, returning realistic and consistent temperatures.

Security recommendations

To avoid unpleasant consequences, we recommend that you follow these tips:

  • Be careful with downloads from the Internet. Download software only from official and reliable sources. If you have any doubts about the authenticity of a website, go to a trustworthy website and make sure that the site you are interested in is genuine.
  • Update your software. Sometimes OS updates can be inconvenient. However, this is an essential part as updates contain security patches. To address known vulnerabilities, constantly update your operating system and other software, including browsers.
  • Beware of email messages. According to statistics, email phishing is one of the most effective methods of spreading malware. Do not open suspicious attachments or links in emails from unknown senders.
  • Install reliable antivirus software. Use quality anti-malware software and update it regularly to stay protected from the latest threats.
  • Educate yourself and stay informed. Unfortunately, in this eternal arms race, cybercriminals are in the lead. This allows them to create new threats, choosing the least predictable ways each time. In turn, cybersecurity experts create effective solutions against them. Study current threats and deception techniques to be more aware and adapt your actions.


By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.
