September 21, 2023

Raccoon Stealer has been upgraded by its developer in order to steal cryptocurrency alongside financial information. Stealer-as-a-service, a bolt-on for threat actors to use as an additional tool for data theft and revenue. Normally spread not through spam emails the usual initial attack vector linked to Raccoon Stealer but, instead, droppers disguised as installers for cracked and pirated software.

The stealer is being bundled with malware including malicious browser extensions, cryptocurrency miners, the Djvu/Stop consumer ransomware strain, and click-fraud bots targeting YouTube sessions. Monitor for and collect account credentials, cookies, website “autofill” text, and financial information that may be stored on an infected machine.

The upgraded stealer also has a “clipper” for cryptocurrency-based theft targeted by QuilClipper stealer and Steam transactions

The stealer operates through a Tor-based C2 server to handle data exfiltration and victim management. Each Raccoon executable is tied with a signature specific to each client.

Raccoon is offered as a stealer-for-hire, with the developers behind the malware offering their creation to other cybercriminals for a fee. In return, the malware is frequently updated found in Russian underground forums and developer earned roughly $1200 in subscription fees, together with a cut of their user’s proceeds.

Tags:

1 thought on “Racoon Stealer as a Service

  1. Pingback: Raccoon Stealer Replaced by Dridex in RIG Exploit Kit - TheCyberThrone

Leave a Reply

You may have missed

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023

GitLab Addresses Critical Vulnerability -CVE-2023-4998

September 20, 2023

Crowdstrike New Offerings and Bionic.ai Acquisition

September 20, 2023

Microsoft AI exposed terabytes of data accidentally

September 19, 2023
%d bloggers like this: