racealer - X-Industry - Red Sky Alliance
2024-03-29T11:00:35Z
https://redskyalliance.org/xindustry/feed/tag/racealer

Raccoon Stealer is in the Can
https://redskyalliance.org/xindustry/raccoon-stealer-is-in-the-can
2022-11-03T13:00:38.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>A Ukrainian man has been charged with computer fraud for allegedly infecting millions of computers with malware in a cybercrime operation known as "Raccoon Infostealer," the US Justice Department (DOJ) said 25 October 2022. Mark Sokolovsky, 26, is being held in the Netherlands and the US is seeking his extradition, the DOJ said in a statement.</p>
<p>It said Raccoon Stealer malware was leased to cybercriminals for $200 a month, payable in cryptocurrency. The malware was then installed on the computers of unsuspecting victims and used to steal personal data such as log-in credentials and financial information, the department said.</p>
<p>Raccoon Stealer is also known as Legion, Mohazo, and Racealer and is a high-risk Trojan-type application that infiltrates the system and collects personal information, passwords, credit card numbers and other sensitive data from infected PCs.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/raccoon-password-stealer-is-back-again">https://redskyalliance.org/xindustry/raccoon-password-stealer-is-back-again</a></p>
<p>It said the FBI and law enforcement partners in Italy and the Netherlands dismantled the digital infrastructure supporting "Raccoon Infostealer" in March 2022, when Sokolovsky was arrested. The DOJ said the FBI has identified more than 50 million unique credentials and forms of identification such as email addresses and credit card numbers in the stolen data from millions of potential victims around the world.</p>
<p>"This case highlights the importance of the international cooperation that the Department of Justice and our partners use to dismantle modern cyber threats," a Deputy Attorney General said. "As reflected in the number of potential victims and global breadth of this attack, cyber threats do not respect borders, which makes international cooperation all the more critical," DOJ said.</p>
<p>Sokolovsky is charged with computer fraud, wire fraud, money laundering and identity theft. He faces up to 20 years in prison for the wire fraud and money laundering charges. The DOJ said Sokolovsky is appealing a September 2022 decision by the Amsterdam District Court granting his extradition to the United States.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: https://www.redskyalliance.org/</li>
<li>Website: https://www.wapacklabs.com/</li>
<li>LinkedIn: https://www.linkedin.com/company/64265941</li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p>Source: <a href="https://krebsonsecurity.com/2022/10/accused-raccoon-malware-developer-fled-ukraine-after-russian-invasion/">https://krebsonsecurity.com/2022/10/accused-raccoon-malware-developer-fled-ukraine-after-russian-invasion/</a></p></div>

Raccoon Password Stealer is Back Again
https://redskyalliance.org/xindustry/raccoon-password-stealer-is-back-again
2022-07-06T01:17:25.000Z
Jim McKee
https://redskyalliance.org/members/JimMcKee
<div>
<p>Raccoon Stealer, one of the most prolific data stealers in digital history, is back and more effective than ever. The re-emergence of the malware, best known for stealing personal information like passwords, files, and biometric data, was first spotted by French cybersecurity company Sekoia in the last week of June 2022. According to the firm's analysis, the authors of Raccoon Stealer have rewritten the code from scratch and added screenshot capturing and keystroke logging to its list of capabilities. With the code expected to be released on criminal marketplaces soon, the full impact of its resurgence is yet to be determined.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/raccoon-stealer-returns">https://redskyalliance.org/xindustry/raccoon-stealer-returns</a></p>
<p>Also known as Legion, Mohali, and Racealer, Raccoon Stealer is a ransomware application best known for stealing personal user data. The Ukrainian MaaS group first gained notoriety throughout 2021 for spamming malicious links and infiltrating servers. Raccoon Stealer is an information-stealing trojan distributed under the MaaS (malware-as-a-service) model for $75/week or $200/month. Threat actors who subscribe to the operation get access to an admin panel that lets them customize the malware, retrieve stolen data (aka logs), and create new malware builds. After a brief but impactful tirade, its lead developer was killed in Russia's invasion of Ukraine, forcing the cyber gang to cease operations. Security analysts noticed the malware on hacker forums earlier in June 2022, so it appears the group's time off was a brief one.</p>
<p>According to a recent report, the authors of the malware have since improved the trojan's efficiency, performance, and stealing capabilities and have been selling it on Telegram since 17 May 2022. It appears that the data stealer is still in its workshop phase and is currently only available to a small pool of cybercriminals. Similar to its predecessor, Raccoon Stealer 2.0 is capable of stealing personal information including passwords, browser cookies, crypto wallet details, geo-location, and autofill data from its victims. Due to advancements in its code, cybercriminals can also use the malware to access fingerprint information, keystrokes, private screenshots, web browser extensions, private files, and data stored in installed apps.</p>
<p>Unlike most trojans, Raccoon transmits data each time it successfully claims an item and does not have any obfuscation techniques. While this makes the malware easier to spot, it's also recognized to dramatically improve its effectiveness.<a href="#_ftn1">[1]</a></p>
<p>Unfortunately, with the new full version of the malware expected to be released in July 2022 and the cyber actors already distributing Raccoon Stealer in its current form, researchers fear that the worst may be yet to come.</p>
<p>Data thieves like Raccoon Stealer are becoming more known and active than ever. If your business is serious about tackling these threats head-on, a multi-pronged cybersecurity strategy is needed. If something does not seem right to you, it is most likely you already have an infection.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://tech.co/news/raccoon-password-stealer-back-effective">https://tech.co/news/raccoon-password-stealer-back-effective</a></p>
</div>