Raccoon info stealer already infected 100,000+ worldwide

A new information stealer, dubbed Raccoon, made the headlines infecting hundreds of millions of victims worldwide.

Security experts at Cybereason have spotted a new information stealer, dubbed Raccoon, that is infecting hundreds of millions of victims worldwide.

The malware was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data.

The malware is offered with a malware-as-a-service (MaaS) model that allowed the threat to rapidly gain popularity in the cybercriminal ecosystem.

“The Raccoon stealer is one of the 2019 top 10 most-mentioned malware in the underground economy and is widely known to have infected hundreds of thousands of devices around the world, despite it not being overly sophisticated or innovative.” reads the analysis published by Cybereason.

“Its popularity, even with a limited feature set, signals the continuation of a growing trend of the of malware as they follow a (Malware-as-a-Service) model and evolve their efforts.”

Raccoon is offered for sale as a MaaS that implements an easy-to-use automated backend panel, operators also offer bulletproof hosting and 24/7 customer support in both Russian and English. The price for the Raccoon service is $200 per month to use.

The experts explained that the Raccoon malware is not sophisticated but leverages several potential attack vectors and is able to steal a large quantity of sensitive data.

Raccoon is written in C++ by Russian-speaking developers that initially promoted it exclusively on Russian-speaking hacking forums. The malware is now promoted on English-speeaking hacking forums, it works on both 32-bit and 64-bit operating systems.

The analysis of the logs for sale in the underground community allowed the experts to estimate that Raccoon has already infected over 100,000 users worldwide. The key to its success is the simplicity to arrange malware campaigns through the MaaS model that allows both technical and nontechnical individuals alike to monetize their efforts.

The malware was first spotted in April 2019, it is actively distributed via multiple exploit kits, including Fallout and RIG, and phishing campaigns.

“Many in the community praise and endorse Raccoon’s malware capabilities and the services the team provides,” researchers said. “Some voices in the community even endorse it as a worthy replacement for the famous Azorult stealer.”conclude the expert. “Though the Raccoon stealer may not be the most innovative infostealer on the market, it is still gaining significant traction in the underground community. Based on testimonials from the underground community, The Raccoon team provides reliable customer service to give cybercriminals a quick-and-easy way to commit cybercrime without a huge personal investment.”

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase