A new research report highlights a new ‘easy-to-use’ trojan malware called Raccoon Stealer and its increasing popularity. The malware is known to have already affected hundreds of thousands of devices around the world, and was first spotted earlier this year. Raccoon Stealer has become popular among cybercriminals, as it provides a simple means of stealing passwords, credit card data, and even cryptocurrency. The Windows-targeting malware allows individuals a quick-and-easy way to make money stealing sensitive data without a huge personal investment or technical know-how.
The increase in the spotting of Raccoon Stealer has been attributed to its aggressive marketing to potential criminals, easy-to-use automated backend panel, and 24/7 support from authors. It is being sold as a MaaS (Malware-as-a-Service). The team behind Raccoon Stealer asks for $200 per month, but the rewards reaped from all the financial data collected could be worth much more. It was first spotted in April 2019, and since then multiple infections have been discovered in the wild across organisations and individuals.
Cybereason claims that authors behind Raccoon Stealer welcome feedback, and are responsive to complaints. They offer short development cycles to release updates, come back with bug fixes within days, and offer new features regularly. The team is also highly active in underground communities wherein they post daily and reply to community questions and comments within hours.
The research report published by Cyberreason says that once the malware is injected and is active on a machine, it can steal system information, cookies, login and password information, and bank details. The malware can take screenshots, monitor emails, extract data from all popular browsers including credit card information, URLs, usernames, passwords, and even snip from cryptocurrency wallets. Cyber criminals can use this information to sell on the dark web or use it carry out other illegal practices.
“Based on the logs for sale in the underground community, Raccoon is estimated to have infected over 100,000 endpoints worldwide within a few months. It is easy to operate for technical and nontechnical individuals alike, lending it mass appeal. Moreover, the team behind Raccoon is constantly working to improve it and provide responsive service. It gives individuals a quick-and-easy way to make money stealing sensitive data without investing a lot of funds or having a deep technical background,” the blog post notes.
The malware is delivered most commonly via phishing; compromised software downloads, or via exploit kits. Phishing attacks are carried out by delivering malware via email, and exploit kits trick users to download the malware while the victim is browsing the Web. So far, hundreds of thousands of users have been affected by Raccoon Stealer, and these users are based in North America, Europe, and Asia.
The report suggests that the authors of Raccoon Stealer are Russian-speaking or based in Russia, as the malware was spotted terminating activity if it detected the language as Russian, Ukrainian, Belarusian, Kazakh, Kyrgyz, Armenian, Tajik, or Uzbek. We recommend keeping your software up-to-date, your security patches in place, and a good anti- virus software actively scanning your system regularly. This malware was first reported by ZDNet.