Raccoon Malware Steals Your Data

Raccoon Malware Steals Your Data From Nearly 60 Apps! This malware is relatively new to cybercriminal forums and can collect sensitive data from about 60 applications on an infected device. It appears to have been developed by Russian-speaking hackers.

The malware market is constantly changing: what was top of the line a few years ago is now sold for a modest price with a much richer set of features. Buying ready-made malware has become very popular in 2020, since anyone with money can purchase a tool and start making money with it.

Raccoon was first seen in the wild nearly a year ago and has gained popularity quickly due to its low price and generous features.

Raccoon is also known by names such as Legion, Mohazo, and Racealer. The malware was initially promoted only on Russian-speaking forums but soon spread to English-speaking ones. It was first seen in the wild in April 2019 and is distributed under the MaaS (malware-as-a-service) model for $75/week or $200/month.

What do you get for the money? Buyers get access to an administration panel that lets them customize the malware, access the stolen data, and download builds of the malware.

This model is widely adopted today because it opens the door to a much larger pool of cybercriminal clients, many of whom lack technical knowledge but make up for it with business experience.

An analysis by CyberArk found that the program is written in C++ and is far from a complex tool. It can nevertheless steal sensitive and confidential information from nearly 60 programs (browsers, cryptocurrency wallets, email and FTP clients).

Raccoon Malware Log Image

All popular browsers (Google Chrome, Mozilla Firefox, Microsoft Edge, Internet Explorer, Opera, Vivaldi, Waterfox, SeaMonkey, UC Browser) are on the target list, along with more than 20 other applications. From browsers, Raccoon takes cookies, browsing history, and autofill data.

Cryptocurrency wallets such as Electrum, Ethereum, Exodus, Jaxx, and Monero are also of interest: the malware looks in each application's default location for its wallet files. Raccoon can additionally scan the whole system for wallet.dat files, wherever they are stored.

Raccoon also collects system details (OS version and architecture, language, hardware information, and a list of installed applications).

Attackers can also customize Raccoon's configuration file so that it takes screenshots of infected systems. The malware can additionally act as a dropper for other malicious files, making it effectively a first-stage tool in an attack chain.

“After fulfilling all its stealing capabilities, it gathers all the files that it wrote to the temp folder into one zip file named Log.zip. Now all it has to do is send the zip file back to the C&C server and delete its traces” – CyberArk
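The target list above (browser cookies, history and autofill stores, wallet files in default locations or anywhere on disk) and the staging step CyberArk describes (everything zipped into Log.zip under the temp folder) together make a recognisable file-access pattern. The script below is an added detection example, not CyberArk's analysis code or anything from the Raccoon operators: it runs a windowed heuristic over file-activity telemetry and flags a process that touches two or more of those indicator categories within a few minutes. The log format and the sample events are constructed for the example; the browser and wallet file names are the usual defaults of those applications and are assumptions, not indicators lifted from the malware.

```python
"""
Heuristic detection of Raccoon-style infostealer activity on a Windows host.

Added example (not CyberArk's or the malware's code). Assumes file activity
has already been exported to a simple "timestamp|pid|image|operation|path"
format; a real Sysmon/EDR feed would need its own parser.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Browser data stores an infostealer reads (cookies, history, autofill).
# Matched on file name only, so any profile directory is covered.
BROWSER_STORES = {
    "cookies", "history", "web data", "login data",            # Chromium family
    "cookies.sqlite", "places.sqlite", "formhistory.sqlite",   # Firefox family
    "logins.json",
}
# Default wallet directories of the apps named in the article (assumed paths)
# plus Bitcoin-style wallet.dat anywhere on disk, as the article describes.
WALLET_DIR_RE = re.compile(
    r"\\(?:Electrum|Exodus|com\.liberty\.jaxx|Ethereum|Monero|Bitcoin)\\", re.I)
# Staging artefact: an archive created under %TEMP% (CyberArk: Log.zip).
TEMP_ZIP_RE = re.compile(r"\\Temp\\[^\\]*\.zip$", re.I)
# Browsers are expected to touch their own stores. Caveat: a stealer injected
# into a browser process would hide behind this exemption.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "opera.exe",
                     "vivaldi.exe", "iexplore.exe", "seamonkey.exe"}

# Constructed sample telemetry (not real logs). PID 7788 is the stealer.
SAMPLE_LOG = r"""
2020-03-02T10:00:01|4321|C:\Program Files\Google\Chrome\Application\chrome.exe|read|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies
2020-03-02T10:00:02|4321|C:\Program Files\Google\Chrome\Application\chrome.exe|write|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\History
2020-03-02T10:03:10|7788|C:\Users\alice\AppData\Local\Temp\invoice.exe|read|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies
2020-03-02T10:03:11|7788|C:\Users\alice\AppData\Local\Temp\invoice.exe|read|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Web Data
2020-03-02T10:03:12|7788|C:\Users\alice\AppData\Local\Temp\invoice.exe|read|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\cookies.sqlite
2020-03-02T10:03:15|7788|C:\Users\alice\AppData\Local\Temp\invoice.exe|read|C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet
2020-03-02T10:03:16|7788|C:\Users\alice\AppData\Local\Temp\invoice.exe|read|D:\backup\old\wallet.dat
2020-03-02T10:03:20|7788|C:\Users\alice\AppData\Local\Temp\invoice.exe|create|C:\Users\alice\AppData\Local\Temp\Log.zip
2020-03-02T10:05:00|1200|C:\Windows\explorer.exe|create|C:\Users\alice\AppData\Local\Temp\report.zip
"""


@dataclass
class Event:
    ts: datetime
    pid: int
    image: str
    op: str
    path: str


def parse_log(text):
    """Parse the constructed pipe-separated format into Event objects."""
    events = []
    for line in text.strip().splitlines():
        ts, pid, image, op, path = line.split("|", 4)
        events.append(Event(datetime.fromisoformat(ts), int(pid), image, op, path))
    return events


def classify(ev):
    """Map one event to an indicator category ('browser', 'wallet', 'staging') or None."""
    name = PureWindowsPath(ev.path).name.lower()
    exe = PureWindowsPath(ev.image).name.lower()
    if name in BROWSER_STORES and exe not in BROWSER_PROCESSES:
        return "browser"
    if name == "wallet.dat" or WALLET_DIR_RE.search(ev.path):
        return "wallet"
    if ev.op == "create" and TEMP_ZIP_RE.search(ev.path):
        return "staging"
    return None


def detect(events, window=timedelta(minutes=5)):
    """Flag processes that hit >= 2 indicator categories within `window`.

    Returns {pid: {"image", "categories", "severity"}}; severity is 'high'
    when browser, wallet and staging all appear together (full stealer run).
    """
    hits = defaultdict(list)
    for ev in events:
        cat = classify(ev)
        if cat:
            hits[ev.pid].append((ev.ts, cat, ev.image))
    alerts = {}
    for pid, seq in hits.items():
        seq.sort()
        for i, (ts, _, image) in enumerate(seq):
            cats = {c for t, c, _ in seq[: i + 1] if ts - t <= window}
            seen = len(alerts.get(pid, {}).get("categories", ()))
            if len(cats) >= 2 and len(cats) > seen:
                alerts[pid] = {"image": image, "categories": sorted(cats),
                               "severity": "high" if len(cats) == 3 else "medium"}
    return alerts


if __name__ == "__main__":
    for pid, info in detect(parse_log(SAMPLE_LOG)).items():
        print(pid, info["severity"], info["image"], info["categories"])
```

Run against the sample, only the invoice.exe process is reported (high severity: browser stores from two browser families, a wallet in Electrum's default directory, a stray wallet.dat, and Log.zip created in %TEMP%); Chrome reading its own Cookies and Explorer creating an unrelated archive in Temp are not flagged. Because Raccoon does not use any special techniques to read these files, plain file-access telemetry is a reasonable place to look; the weak spot is the browser-process exemption, which is why a production rule would also correlate with process ancestry and network egress to the C&C.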

Like most popular malware today, Raccoon is actively maintained, with bug fixes and new functions and capabilities added over time.

Raccoon malware forum post

Source – Bleeping Computer

Newer versions expanded the list of targeted applications (adding FileZilla and UC Browser) and gave operators the option to encrypt malware builds straight from the admin panel and obtain them in DLL form.

Raccoon does not use any special techniques to extract information from the targeted programs, yet it is one of the most popular infostealers on cybercriminal forums. Recorded Future noted in a July 2019 report that it was one of the best-selling pieces of malware in the underground economy.

Three months later, researchers at Cybereason also noted that the malware was enjoying positive reviews, with many actors praising and endorsing it. Established members, however, criticized its simplicity and its lack of features found in comparable tools.

Check out our SERVICES page to see how we can help you stay protected from these types of attacks!