|###### Advisory Type||Malware Intelligence|
|###### Malware Name||Raccoon|
|###### Malware Aliases||Mohazo, RaccoonStealer, Racealer|
|###### Malware Type||Infostealer|
|###### Affected OS||Windows|
Raccoon Stealer is a MaaS (Malware as a Service) that appeared in 2019 for the first time and is still an ongoing threat. Raccoon is advertised widely on hacking forums for a cheap price which makes it easily accessible for a lot of threat actors. Raccoon stealers mainly target users’ sensitive data including login credentials, credit card information, cryptocurrency wallets, and browser information including cookies, history and autofill.
Raccoon stealer operators deliver their malware through malicious documents attached to phishing emails or through exploit kits used for malvertising.
The operators of the Raccoon stealer abuse ad networks, adding sneaky redirects to malicious pages. These pages are laced with exploit kits which then download the malware. Threat actors may also leverage malicious files attached to phishing emails, embedded with macros. This, in turn, downloads and executes the malware. Once the Raccoon stealer is injected into the system it targets all the applications that contain credentials. It dumps the credentials in a zip file and sends the zip file back to the C2 server of the attacker.
CloudSEK Threat Intel Researchers have discovered an ongoing Raccoon stealer campaign on underground dark web forums. Threat actors are seen advertising and selling data stolen with the help of this malware.
The malware is capable of:
- Identifying applications including web browsers that use credentials. It dumps user sensitive data from these applications.
- Sending stolen data back to the attacker’s C2 server.
- Steal login credentials leading to other forms of targeted attacks.
- It steals victims’ sensitive data including financial credentials
- Privacy violation
- Install the latest security patches and updates.
- Use the latest AV, prevention and detection software.
- Activate 2FA on personal/ business user accounts.
- Avoid clicking on ads hosted on web pages.
- Raise awareness against phishing campaigns.