A new information-stealing trojan has infected hundreds of thousands of devices worldwide.
Dubbed Raccoon, the malware is a simple information stealer that searches system files for a range of sensitive data, which is then saved and sent to its operator.
It is able to collect credit card data, as well as cryptocurrency wallets, passwords, emails, data from all popular browsers, cookies and system information.
Although it is not advanced malware, Raccoon has become one of the 10 most-mentioned malware families in the underground community, and is estimated to have infected hundreds of thousands of devices across the world.
“Based on the logs for sale in the underground community, Raccoon is estimated to have infected over 100,000 endpoints worldwide within a few months,” said researchers at Cybereason.
“It is easy to operate for technical and nontechnical individuals alike, lending it mass appeal. Moreover, the team behind Raccoon is constantly working to improve it and provide responsive service. It gives individuals a quick-and-easy way to make money stealing sensitive data without investing a lot of funds or having a deep technical background.”
According to the researchers, who have been monitoring Raccoon since it first emerged in April 2019, the developers behind it appear to be Russian-speaking and to originate in Russia.
Originally it was sold exclusively in Russian-speaking forums, but it has now spread aggressively to English-speaking forums.
Raccoon is written in C++ and can work on both 32-bit and 64-bit operating systems. The malware was initially classified as a password stealer by many AV companies; however, the research team noticed its broader capabilities and classifies it as an information stealer.
The reason for its immense popularity is that, as a malware-as-a-service (MaaS) offering, it costs just $200 per month to use and has multiple features, including hosting and customer support.
The majority of feedback from the underground community about Raccoon is positive.
“Many in the community praise and endorse Raccoon’s malware capabilities and the services the team provides,” the researchers said. “Some voices in the community even endorse it as a worthy replacement for the famous Azorult stealer.”