
Info-stealing malware ‘Raccoon’ can extract data from 60 applications

Malware is often assumed to make a user’s computer unstable, but not all malware is designed that way. Info-stealing malware can quietly locate sensitive data, extract it and erase the traces of its presence. One popular info-stealer is ‘Raccoon’, which was first identified in April 2019 and has since been upgraded continuously to evade computer security. Raccoon has now been found extracting sensitive data from 60 applications on an infected computer.

Raccoon is popular on dark web and cyber criminal forums because it is affordable, with decent capabilities and generous features. It is sold as Malware-as-a-Service (MaaS) and has been at the top of MaaS offerings in the cyber criminal market for a while.

Evolution of Raccoon

Raccoon is deployed using phishing, exploit kits and PUAs (Potentially Unwanted Applications). The malware was first known as Mohazo, Legion and Racealer and was found in Russian forums. It has since spread to English forums and is gaining traction. The MaaS model is offered for $75 USD per week and $200 USD per month. Once attackers purchase the malware, they get access to its admin panel, which lets them customize Raccoon and weaponize it for their goal. Thanks to the ease of customization, even a non-technical person can deploy the malware successfully.

It is written in C++ and is comparatively less complex than other MaaS offerings. Raccoon is capable of extracting data from browsers, cryptocurrency apps, wallets, email clients and more. Browsers include Chrome, Firefox, Edge, IE, Opera, SeaMonkey, UC Browser, Vivaldi, and Waterfox. Cryptocurrency apps like Electrum, Ethereum, Exodus, Monero and Jaxx are also vulnerable. Outlook, Thunderbird and Foxmail are the email clients from which Raccoon can extract sensitive data.

Capabilities of Raccoon

Raccoon locates the targeted sensitive data, copies the file or folder, collects the data into a zip file called Log.zip inside the temp folder, and then applies decryption routines to convert it into a simple text file for exfiltration. Apart from data extraction, Raccoon can also collect information about OS versions, hardware, software and other third-party apps. It can also take screenshots of infected systems, and can be used as a level one attack that drops other malicious programs onto the system.

According to the Recorded Future report, ‘Raccoon’ is one of the best-selling pieces of malware in the underground economy. Though it isn’t a very complex program, it can infect systems and collect information at a very low price, which has made it a popular MaaS among cyber criminals. It has now infected thousands of devices across the world. Even a rookie can use this malware to exfiltrate information from a targeted computer or network.

How to detect this Info-stealing malware?

Indicators of compromise (IoCs), YARA rules or anti-virus software with updated signatures would help detect it. Users can also employ endpoint detection and response strategies to combat threats like Raccoon. A few days back we wrote about the Ginp trojan, which targets Android devices and disguises itself as legitimate banking apps. Malware evolves every day, and MaaS offerings in particular keep increasing in number, so double up on security and stay vigilant.
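The Log.zip staging step described under "Capabilities of Raccoon" gives responders a simple artifact to triage. The script below is an added example, not code from the Recorded Future report or from this site: it walks a directory tree for files named Log.zip and reports which of the applications listed in this article appear in the archive's member paths. That member paths contain application names is an assumption, and a file called Log.zip on its own is a weak indicator that needs corroboration.

```python
import os
import tempfile
import zipfile
from pathlib import Path

# Application names taken from the article's list of targeted software.
# "IE" and "UC Browser" are left out because such short tokens match too broadly.
TARGETED_APPS = (
    "chrome", "firefox", "edge", "opera", "seamonkey", "vivaldi", "waterfox",
    "electrum", "ethereum", "exodus", "monero", "jaxx",
    "outlook", "thunderbird", "foxmail",
)
STAGING_NAME = "log.zip"  # archive name reported in the article


def inspect_archive(path):
    """Return targeted-app names found in the archive's member paths.

    Assumption: staged files keep the application name somewhere in their path.
    Returns None when the file is not a readable zip archive.
    """
    try:
        with zipfile.ZipFile(path) as zf:
            members = [name.lower() for name in zf.namelist()]
    except (zipfile.BadZipFile, OSError):
        return None
    return sorted({app for app in TARGETED_APPS
                   if any(app in m for m in members)})


def find_staging_archives(roots):
    """Walk each root and report every file named Log.zip (case-insensitive)."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            for fname in files:
                if fname.lower() == STAGING_NAME:
                    full = Path(dirpath) / fname
                    findings.append({"path": str(full),
                                     "apps": inspect_archive(full)})
    return findings


if __name__ == "__main__":
    # Defaults to the current user's temp directory; pass other roots as needed.
    for hit in find_staging_archives([tempfile.gettempdir()]):
        print(hit)
```

A hit with several application names in `apps` deserves a closer look at the process that created the file; a hit with `None` means the file exists but is not a valid zip.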

William Marshal

William has been one of the key contributors to 'The Cybersecurity Times', with 9.5 years of experience in cybersecurity journalism. Apart from writing, he also likes hiking, skating and coding.
