Raccoon Stealer, which first appeared in 2019, is still an ongoing threat and targets users’ sensitive data, including login credentials.
Updated on: March 17, 2023
Published on: May 10, 2021
Read time: 5
Advisory Type: Malware Intelligence
Malware Name: Raccoon
Malware Aliases: Mohazo, RaccoonStealer, Racealer
Malware Type: Infostealer
Affected OS: Windows
Executive Summary
Raccoon Stealer is a MaaS (Malware as a Service) offering that first appeared in 2019 and is still an ongoing threat. Raccoon is advertised widely on hacking forums at a cheap price, which makes it easily accessible to many threat actors. Raccoon Stealer mainly targets users’ sensitive data, including login credentials, credit card information, cryptocurrency wallets, and browser data such as cookies, history and autofill.
Raccoon stealer operators deliver their malware through malicious documents attached to phishing emails or through exploit kits used for malvertising.
Technical Details
The operators of the Raccoon stealer abuse ad networks, adding sneaky redirects to malicious pages. These pages are laced with exploit kits, which then download the malware. Threat actors may also leverage malicious files embedded with macros and attached to phishing emails; the macros, in turn, download and execute the malware. Once the Raccoon stealer is injected into the system, it targets all the applications that contain credentials, dumps the credentials into a zip file and sends that zip file back to the attacker’s C2 server.
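The chain above (macro-laden document spawns a dropped executable, which stages stolen data in a zip archive and connects out to a C2 server) can be turned into a simple host-telemetry correlation. The following is an added detection sketch written for this advisory, not CloudSEK's or the malware's code; the Sysmon-like field names and the sample events are constructed assumptions, and the 203.0.113.x addresses are documentation-range placeholders.

```python
"""Heuristic detector for the Raccoon-style delivery and exfiltration chain:
Office process -> child executable -> .zip staged -> outbound connection.
All telemetry below is constructed sample data, not real logs."""
from collections import defaultdict

# Constructed Sysmon-style events (field names are assumptions, not the advisory's).
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Users\bob\AppData\Local\Temp\update.exe"},
    {"type": "file_create", "pid": 200, "target": r"C:\Users\bob\AppData\Local\Temp\data.zip"},
    {"type": "network_connect", "pid": 200, "dest_ip": "203.0.113.10", "dest_port": 80},
    # Benign control case: Excel itself connecting out, with no child and no archive.
    {"type": "process_create", "pid": 300, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\EXCEL.EXE"},
    {"type": "network_connect", "pid": 300, "dest_ip": "203.0.113.20", "dest_port": 443},
]

OFFICE_IMAGES = ("winword.exe", "excel.exe", "powerpnt.exe")


def is_office(image):
    """True if the image path's file name is a common Office application."""
    return image.lower().rsplit("\\", 1)[-1] in OFFICE_IMAGES


def find_stealer_chains(events):
    """Return one alert per process that (1) was spawned by an Office app,
    (2) created a .zip archive, and (3) opened an outbound network connection."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    zips, conns = defaultdict(list), defaultdict(list)
    for e in events:
        if e["type"] == "file_create" and e["target"].lower().endswith(".zip"):
            zips[e["pid"]].append(e["target"])
        elif e["type"] == "network_connect":
            conns[e["pid"]].append((e["dest_ip"], e["dest_port"]))
    alerts = []
    for pid, proc in procs.items():
        parent = procs.get(proc["ppid"])
        if parent and is_office(parent["image"]) and zips.get(pid) and conns.get(pid):
            alerts.append({"pid": pid, "image": proc["image"], "parent": parent["image"],
                           "archives": zips[pid], "destinations": conns[pid]})
    return alerts


if __name__ == "__main__":
    for a in find_stealer_chains(SAMPLE_EVENTS):
        print(f"ALERT pid={a['pid']} {a['image']} spawned by {a['parent']} "
              f"staged {a['archives']} and connected to {a['destinations']}")
```

In production the three conditions would be joined on a time window and enriched with the destination's reputation; here the point is the parent/child plus archive plus egress correlation, which the benign Excel case does not satisfy.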
CloudSEK Threat Intel Researchers have discovered an ongoing Raccoon stealer campaign on underground dark web forums. Threat actors are seen advertising and selling data stolen with the help of this malware.
Impact
Technical Impact
The malware is capable of:
Identifying applications, including web browsers, that use credentials, and dumping users’ sensitive data from these applications.
Sending the stolen data back to the attacker’s C2 server.
Stealing login credentials, which can lead to other forms of targeted attacks.
Business Impact
It steals victims’ sensitive data, including financial credentials.
Privacy violation
Mitigation
Install the latest security patches and updates.
Use the latest AV, prevention and detection software.