Photo Credit: Cybereason
- The authors of Raccoon Stealer ask for $200 per month
- They offer 24/7 support, roll out regular updates
- The malware is delivered using exploit kits, phishing techniques
A new research report highlights a new ‘easy-to-use’ trojan malware called Raccoon Stealer and its increasing popularity. The malware is known to have already affected hundreds of thousands of devices around the world, and was first spotted earlier this year. Raccoon Stealer has become popular among cybercriminals, as it provides a simple means of stealing passwords, credit card data, and even cryptocurrency. The Windows-targeting malware allows individuals a quick-and-easy way to make money stealing sensitive data without a huge personal investment or technical know-how.
The increase in the spotting of Raccoon Stealer has been attributed to its aggressive marketing to potential criminals, easy-to-use automated backend panel, and 24/7 support from authors. It is being sold as a MaaS (Malware-as-a-Service). The team behind Raccoon Stealer asks for $200 per month, but the rewards reaped from all the financial data collected could be worth much more. It was first spotted in April 2019, and since then multiple infections have been discovered in the wild across organisations and individuals.
Cybereason claims that authors behind Raccoon Stealer welcome feedback, and are responsive to complaints. They offer short development cycles to release updates, come back with bug fixes within days, and offer new features regularly. The team is also highly active in underground communities wherein they post daily and reply to community questions and comments within hours.
The research report published by Cyberreason says that once the malware is injected and is active on a machine, it can steal system information, cookies, login and password information, and bank details. The malware can take screenshots, monitor emails, extract data from all popular browsers including credit card information, URLs, usernames, passwords, and even snip from cryptocurrency wallets. Cyber criminals can use this information to sell on the dark web or use it carry out other illegal practices.
“Based on the logs for sale in the underground community, Raccoon is estimated to have infected over 100,000 endpoints worldwide within a few months. It is easy to operate for technical and nontechnical individuals alike, lending it mass appeal. Moreover, the team behind Raccoon is constantly working to improve it and provide responsive service. It gives individuals a quick-and-easy way to make money stealing sensitive data without investing a lot of funds or having a deep technical background,” the blog post notes.