Raccoon Stealer Malware Threat Intel Advisory

###### Advisory Type Malware Intelligence
###### Malware Name Raccoon
###### Malware Aliases Mohazo, RaccoonStealer, Racealer
###### Malware Type Infostealer
###### Affected OS Windows

Executive Summary

Raccoon Stealer is a MaaS (Malware as a Service) that appeared in 2019 for the first time and is still an ongoing threat. Raccoon is advertised widely on hacking forums for a cheap price which makes it easily accessible for a lot of threat actors. Raccoon stealers mainly target users’ sensitive data including login credentials, credit card information, cryptocurrency wallets, and browser information including cookies, history and autofill.

Raccoon stealer operators deliver their malware through malicious documents attached to phishing emails or through exploit kits used for malvertising.

Technical Details

The operators of the Raccoon stealer abuse ad networks, adding sneaky redirects to malicious pages. These pages are laced with exploit kits which then download the malware. Threat actors may also leverage malicious files attached to phishing emails, embedded with macros. This, in turn, downloads and executes the malware. Once the Raccoon stealer is injected into the system it targets all the applications that contain credentials. It dumps the credentials in a zip file and sends the zip file back to the C2 server of the attacker.

CloudSEK Threat Intel Researchers have discovered an ongoing Raccoon stealer campaign on underground dark web forums. Threat actors are seen advertising and selling data stolen with the help of this malware.

Impact

Technical Impact

The malware is capable of:

  • Identifying applications including web browsers that use credentials. It dumps user sensitive data from these applications.
  • Sending stolen data back to the attacker’s C2 server.
  • Steal login credentials leading to other forms of targeted attacks.
Business Impact
  • It steals victims’ sensitive data including financial credentials
  • Privacy violation

Mitigation

  • Install the latest security patches and updates.
  • Use the latest AV, prevention and detection software.
  • Activate 2FA on personal/ business user accounts.
  • Avoid clicking on ads hosted on web pages.
  • Raise awareness against phishing campaigns.

image

image


1 Like