The operators of the infamous Raccoon malware announced their return this week after a six-month hiatus from hacker forums following the arrest of an administrator. "We are happy to return with new strength and understanding of our mistakes," they said in a statement.
Raccoon is a highly popular info-stealing malware-as-a-service sold on dark web forums. It has been praised for its simplicity and customization. The malware targets popular browsers and desktop cryptocurrency wallets to steal passwords, cookies, and credit card numbers. It can also download files and capture screenshots on victims’ computers.
In October 2022, the US indicted one of the "key administrators" of the malware, Ukrainian citizen Mark Sokolovsky, and demanded his extradition from the Netherlands, where he was arrested. Dutch officials are likely to honor this request soon, as this week they rejected Sokolovsky's appeal against being extradited.[1]
According to a report by Cyberint, which analyzed the malware's latest version, Raccoon administrators have introduced features that make it easier and more convenient to use the tool. For example, they added a quick search tool to find specific links in large datasets, which will help hackers quickly locate needed information, even when dealing with millions of documents and thousands of different links, according to the researchers.
Another feature detects unusual activity that may come from bots that help cybersecurity firms monitor Raccoon's traffic. If Raccoon identifies suspicious behavior, it automatically deletes the records associated with those activities and updates the information on each client's panel.
This makes it harder for security tools that use automation and bots to detect the malware, according to Cyberint.
Raccoon operators also added a new panel that gives users an overview of their operations, the most successfully targeted countries, and the number of breached computers.
In the past, Raccoon Infostealer administrators rented out the malware for $200 per month in cryptocurrency to steal data from victims' computers, including log-in credentials, financial information, and other personal records. The malware is installed on victims' computers through phishing emails. The stolen information is then sent to one or more servers controlled by the Raccoon administrators. When the operation is completed, Raccoon deletes itself from the infected computer.
After Sokolovsky's arrest, the FBI collected data stolen from many computers that cybercriminals had infected with Raccoon malware. In that stolen data, taken from millions of potential victims around the world, law enforcement has identified more than 50 million unique credentials and forms of identification, including email addresses, bank accounts, cryptocurrency addresses, and credit card numbers.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
[1] https://therecord.media/raccoon-malware-back-with-updated-version/