• A new information-stealing malware dubbed Raccoon Stealer has become quite popular among malicious actors.
  • Researchers have been monitoring the malware since April 2019 and have published a detailed analysis of it.

Thousands of devices have been hit by this malware, in spite of it being fairly new to the threat landscape.

An overview

Raccoon is an information stealer that harvests credit card details, cryptocurrency wallets, credentials from mail clients, and browser-stored data.

  • The malware also goes by Racealer or Mohazo, and has been described as one of the best-selling malware families on underground markets.
  • Security experts believe it was probably developed by Russian-speaking actors, because it was initially advertised on Russian-language forums.
  • It is now sold as malware-as-a-service (MaaS), with a full feature set, on English-language forums as well.

“Much like any other software-as-a-service, the Raccoon stealer appears to be in active development. The development team seems to be quick, responsive, and dedicated, using short development cycles to release updates, bug fixes, and new features within days,” say researchers.

More about the malware

Raccoon is delivered through multiple methods, including exploit kits, bundling with other malware, and phishing.

  • After infecting a system, the malware collects sensitive data and stages it in the user's Temp folder.
  • It captures screenshots, harvests system and browser information, extracts Outlook account details, and steals cryptocurrency wallet files. The stolen data may be used for extortion or sold for profit on underground forums.
  • All of the collected data is packed into a ZIP archive and sent to the command-and-control (C2) server.
  • Finally, the stealer deletes its own binary from the machine to cover its tracks.
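The stage-zip-exfiltrate-self-delete chain above is more useful as a behavioural hunt than any single file hash, since the binary is gone by the time a responder arrives. The following is an added illustration, not code from the original article or from the researchers' analysis: it scans a constructed set of endpoint events (the event schema, field names, paths, process IDs and the 203.0.113.10 address are all invented for this example) and flags any process that writes a ZIP into a Temp directory, then makes an outbound connection, then deletes its own image within a time window.

```python
"""Hunt for the stage -> ZIP -> C2 -> self-delete chain in endpoint telemetry.

Added example: the Event schema and the sample events below are constructed
for this illustration; they are not Raccoon's real artefacts or any vendor's
log format. Adapt the field mapping to your own EDR/Sysmon data.
"""
from collections import defaultdict
from dataclasses import dataclass
import ntpath
import re

# Windows per-user and system Temp directories (case-insensitive match).
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)


@dataclass
class Event:
    ts: int       # seconds since start of capture (constructed counter)
    pid: int
    image: str    # full path of the process's own binary
    op: str       # "file_write" | "net_connect" | "file_delete"
    target: str   # file path, or "host:port" for net_connect


def _in_temp(path: str) -> bool:
    return bool(TEMP_RE.search(path))


def detect_stage_exfil_cleanup(events, window: int = 600):
    """Return the pids whose process, within `window` seconds and in order:
    (1) wrote a .zip under a Temp dir, (2) opened an outbound connection,
    (3) deleted its own executable. Each step must follow the previous one."""
    by_pid = defaultdict(list)
    for e in events:
        by_pid[e.pid].append(e)

    hits = []
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e.ts)
        zip_ts = net_ts = None
        for e in evs:
            if (e.op == "file_write" and _in_temp(e.target)
                    and e.target.lower().endswith(".zip")):
                if zip_ts is None:
                    zip_ts = e.ts           # first staged archive
            elif e.op == "net_connect" and zip_ts is not None and net_ts is None:
                net_ts = e.ts               # first beacon after staging
            elif (e.op == "file_delete" and net_ts is not None
                    and ntpath.normcase(e.target) == ntpath.normcase(e.image)
                    and e.ts - zip_ts <= window):
                hits.append(pid)            # self-delete closes the chain
                break
    return hits


# Constructed sample telemetry: one stealer-like process and two benign ones.
TEMP = r"C:\Users\alice\AppData\Local\Temp"
STEALER = TEMP + r"\svc_update.exe"
SAMPLE_EVENTS = [
    Event(100, 4242, STEALER, "file_write", TEMP + r"\stage\cookies.txt"),
    Event(110, 4242, STEALER, "file_write", TEMP + r"\stage\data.zip"),
    Event(115, 4242, STEALER, "net_connect", "203.0.113.10:80"),
    Event(120, 4242, STEALER, "file_delete", STEALER),
    # 7-Zip writing an archive outside Temp, no network, no self-delete.
    Event(150, 1800, r"C:\Program Files\7-Zip\7z.exe", "file_write",
          r"C:\Users\alice\Documents\archive.zip"),
    # Browser download: zip in Temp plus network, but deletes the zip, not itself.
    Event(200, 3001, r"C:\Program Files\Google\Chrome\chrome.exe", "file_write",
          TEMP + r"\download.zip"),
    Event(205, 3001, r"C:\Program Files\Google\Chrome\chrome.exe", "net_connect",
          "203.0.113.20:443"),
    Event(210, 3001, r"C:\Program Files\Google\Chrome\chrome.exe", "file_delete",
          TEMP + r"\download.zip"),
]

if __name__ == "__main__":
    for pid in detect_stage_exfil_cleanup(SAMPLE_EVENTS):
        print(f"suspicious stage/exfil/self-delete chain: pid {pid}")
```

The ordering requirement (archive before beacon before self-delete) is what keeps ordinary archivers and browser downloads out of the results; tune `window` to how quickly your environment expects a stealer to finish, and add the parent-process image to the event if you want to separate the dropper from the payload.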

What does this mean?

Although it is not known for innovative techniques, Raccoon is quite popular among malicious actors. This points to a growing trend of criminals selling malware-as-a-service rather than carrying out the intrusions themselves. Researchers expect the trend to continue in 2020.

Cyware Publisher