Raccoon malware affects all browsers

Despite its high price and subscription-based business model, Raccoon malware has become increasingly popular among cybercriminals due to its ability to target at least 60 applications, including the most popular browsers. The infostealer Raccoon, also known as Racealer, has established itself in underground hacking forums thanks to its aggressive marketing strategy, which ranges from bulletproof hosting to a user-friendly backend. The malware was first discovered last year by security researchers at Cybereason and costs €200 per month. What sets Raccoon apart from other malware is its subscription-based business model, which includes technical support, bug fixes, and updates. It also allows cybercriminals to steal data and cryptocurrency from a wide range of browsers and other applications.

Raccoon malware

A new analysis of Raccoon by Cyberark has revealed that the malware, which is capable of stealing data from 35 browsers and 60 apps in total, is typically delivered via phishing campaigns and exploit kits. In phishing campaigns, scam emails containing Microsoft Office documents with malicious macros are sent to potential victims. Exploit kits are usually hosted on websites, where victims are scanned for potential browser-based vulnerabilities before being redirected to the appropriate exploit kit to exploit them.

Raccoon malware is capable of stealing financial information, online credentials, data from users' PCs, cryptocurrency, and browser information such as cookies, browsing history, and auto-fill content. The malware targets Google Chrome, Internet Explorer, Microsoft Edge, and Firefox, as well as many lesser-known browsers. Raccoon can also compromise email clients such as Thunderbird, Outlook, and Foxmail, among others. Cryptocurrencies stored on users' systems are also at risk, as the malware searches for Electrum, Ethereum, Exodus, Jaxx, Monero and Bither wallets by looking in their default application folders.

The Raccoon malware is unlikely to go away any time soon, as it recently received a number of updates from its creators, according to the Cyberark blog post on the subject, which reads: "Like other 'as a service' offerings, Raccoon is always developed and supported by a group. Since we began analyzing this sample, members of the Raccoon team have improved the stealer and released new builds for the version, including the ability to steal the FileZilla application's FTP server credentials and credentials from a Chinese UC browser. In addition, the attackers panel was improved, some UI issues were fixed, and the authors added an option to encrypt builds directly from the panel and download them as DLL files."

via ZDNet