The Racoon Stealer “malware as a service platform” gained notoriety several years ago (April 2019) for its ability to extract data that is stored within a Web browser. This data initially included passwords and cookies, which sometimes allow a recognized device to be authenticated without a password being entered. Racoon Stealer was also designed to steal auto-fill data, which can include a vast amount of personal information ranging from basic contact data to credit card numbers. As if all of that were not enough, Racoon Stealer also had the ability to steal cryptocurrency and to steal (or drop) files on an infected system.
As bad as Racoon Stealer might have been, its developers have recently created a new version that is designed to be far more damaging than the version that previously existed.
New Racoon Stealer Capabilities
The new version of Raccoon Stealer still has the ability to steal browser passwords, cookies, and auto-fill data. It also has the ability to steal any credit card numbers that are saved in a browser.
Additionally, the latest version of Raccoon Stealer is far more capable than its predecessor when it comes to stealing cryptocurrency. Not only can Raccoon Stealer attack cryptocurrency wallets, but it also has the ability to attack numerous cryptocurrency-related browser plugins.
The developers of Raccoon Stealer have also enhanced the malware’s ability to harvest file data. Whereas the previous version was eventually enhanced to allow the theft of individual files, the latest version is capable of stealing files regardless of which disk they reside. Additionally, the new version of Raccoon Stealer can capture a list of the applications that are installed on the machine, which can be useful in helping an attacker to know what types of data files might exist and be worth stealing.
Perhaps most disturbingly, Raccoon Stealer is able to capture screenshots from an infected system. Screen captures could be used for a countless variety of nefarious purposes. For example, an attacker could conceivably watch someone enter payment information related to purchase and take a screen capture of the checkout screen, thereby capturing not just a credit card number, but all of the supporting details that might be required in order to use the credit card (such as the card’s security code and the cardholder’s name and address). Of course, a screen capture feature could be used to steal any type of sensitive data and an attacker who has created such a screen capture could use it as the basis for a cyber extortion scheme.
How Can You Protect Your Organization?
Defending yourself against this latest version of Raccoon Stealer largely comes down to adhering to long-established security best practices. For example, you should never click on a link or open an attachment within a message unless you know the sender. Even if you do know the sender, it’s important to take the time to verify a message’s authenticity before clicking on any links or opening attachments. After all, attackers often spoof message headers in a way that makes it appear as though a malicious message was sent by someone that you know. End-user education is vital for your organization, be sure to inform your employees of the do’s and don’ts of online safety.
It’s also extremely important to keep your operating system and your applications up to date with the latest security patches. Similarly, you should avoid running any outdated applications that are no longer being updated. This is especially true for internet browsers since that Raccoon Stealer’s primary target.
You’ll have to make sure that you have malware protection installed on all of your systems and that this malware protection is being kept up-to-date. Don’t simply assume that updates are being regularly downloaded and installed – take the time to periodically check when the most recent malware signature was added.
Finally, realize that no system is ever 100% immune to malware. In the case of Raccoon Stealer, for example, all it takes is one bad click for a system to become infected. Even a seasoned IT security professional could potentially become a victim if they happened to be distracted for a moment and accidentally click on something they shouldn’t. If that happens, then hopefully, the anti-malware software will prevent the system from becoming infected, but the potential for infection still exists.
Likely to see increased usage
We expect to see a resurgence of Raccoon Stealer v2 attacks as developers implemented a version tailored to the needs of cybercriminals (efficiency, performance, stealing capabilities, etc.) and scaled their backbone servers to handle large loads.
Most infostealers are sold as Malware-As-A-Service (MaaS) – which allows malware authors to provide a fully working package to their “customers” (a.k.a cybercriminals) and also includes access to a technical support team and updates for the malware (bug fixes and new features). The package typically includes a login to an administrative panel where the attacker can customize the malware functionality, view all the stolen credentials/logs and download builds of the malware. The cost for v2 is currently set at $275/month, or $125/week
Deliver David's Tech Talk to my inbox
We'll send David's weekly Tech Talk to your inbox - including the MP3 of the actual radio spot. You'll never miss a valuable tip again!
We have a “Phishing” Postcard that we like to put at every clients’ computer.
We’ll send them to you – FREE
Just fill out the form below and we WILL NOT SPAM YOU or sell your address!