Despite its high price tag and subscription-based business model, the Raccoon malware has grown increasingly popular among cybercriminals owing to its ability to target at least 60 applications, including the most popular browsers.
The Raccoon infostealer, also known as Racealer, has gained a following on underground hacking forums as a result of its aggressive marketing strategy, its use of bulletproof hosting and its easy-to-use backend. The malware was first identified last year by security researchers at the firm Cybereason, and it costs $200 a month.
What sets Raccoon apart from other malware is the fact that it uses a subscription-based business model that includes technical support, bug fixes and updates. It also allows cybercriminals to steal data and cryptocurrency from a wide range of browsers and other applications.
New analysis of Raccoon by CyberArk has revealed that the malware, which is able to steal data from 35 browsers and 60 applications in total, is usually delivered through phishing campaigns and exploit kits.
In phishing campaigns, fraudulent emails containing Microsoft Office documents laden with malicious macros are sent to potential victims. Exploit kits, by contrast, are typically hosted on websites, where victims are profiled for any potential browser-based vulnerabilities before being redirected to the appropriate exploit to leverage them.
The Raccoon malware is able to steal financial information, online credentials, data from users' PCs, cryptocurrencies and browser data such as cookies, browsing history and autofill content. The malware targets Google Chrome, Internet Explorer, Microsoft Edge and Firefox, as well as many lesser-known browsers. Raccoon can also compromise email clients such as Thunderbird, Outlook and Foxmail, among others.
Cryptocurrencies stored on users' devices are also at risk, as the malware seeks out Electrum, Ethereum, Exodus, Jaxx, Monero and Bither wallets by scanning for their default application folders.
The Raccoon malware is not likely to go away any time soon, as it recently received a number of updates from its creators, according to CyberArk's blog post on the matter, which reads:
“Similar to other ‘as-a-service’ offerings, Raccoon is still being developed and supported by a team. Since we began the analysis of this sample, the Raccoon team members have improved the stealer and released new versions for the build, including the ability to steal FTP server credentials from FileZilla application and login credentials from a Chinese UC Browser. In addition, the attacker panel has been improved, some UI issues were fixed and the authors added an option to encrypt the builds right from the panel and download it as a DLL.”