Laturo Stealer

The Laturo Stealer is a new threat that has appeared on several online security platforms and is used to scan files for harmful behavior – unfortunately, there is not much information about the Laturo Stealer. Still, it is certain that it is being propagated by a threat actor who uses the RIG Exploit Kit (RIG EK) to deliver it to potential targets. It is possible that the Laturo Stealer might not be a private project and, instead, it might be sold as a product on underground hacking forums – this would make it far more threatening since it would mean that any cybercriminal could purchase it and use it to cause trouble.

The Laturo Stealer is Being Spread via the RIG EK

The purpose of the Laturo Stealer is not any different from other infostealers like GrandSteal and the Masad Stealer – it aims to gain persistence on the targeted machine, and then run its modules in the background silently. The infostealer may attempt to grab different information types from the compromised host:

• Browser cookies, autofill forms, saved passwords and Web browser history.
• 'wallet.dat' files associated with various crypto-currency wallet applications.
• Small documents or text-files stored on the desktop.
• Data stored in FTP folders.
• Telegram and Discord session files.

It is not uncommon for infostealers like the Laturo Stealer also to go after the files used by popular gaming platforms such as PayPal, BattleNet and the Epic Launcher.

To keep your computer safe from the Laturo Stealer and similar threats, you should invest in a reputable anti-virus product that will scan incoming files for harmful traits. Furthermore, it is recommended to keep all software up-to-date since this would minimize the chances that the Laturo Stealer will be delivered to you via the RIG Exploit Kit.