The creators of Raccoon Stealer, a notorious information-stealing malware, have resurfaced after a six-month absence from digital platforms to unveil an enhanced 2.3.0 version aimed at cybercriminals.
Raccoon, which originated in 2019, has established itself as a prominent name in information theft. It is sold to threat actors as a subscription priced at $200/month.
The malware can extract data from more than 60 applications. It targets login details, credit card data, browser history, cookies, and digital currency account details.
The project was thrown into chaos in October 2022 when its lead developer, Mark Sokolovsky, was arrested in the Netherlands. Subsequently, the FBI dismantled the malware's supporting infrastructure.
However, Raccoon is making a comeback.
The malware's current developers recently posted an update on a digital platform, which was first spotted by VX-Underground. They announced their return to the cybercriminal world and emphasized their continued work on upgraded features that promise a better experience for users.
The enhancements were made in response to feedback, requests, and evolving trends in cybercrime, with the aim of preserving Raccoon’s elite status among information stealers.
Cyberint’s assessment highlights that Raccoon 2.3.0 includes numerous usability and operational security updates. These changes not only make it simpler for less-skilled threat actors to operate but also make detection by analysts and law enforcement even more challenging.
The revamped Raccoon Stealer dashboard introduces a quick search function that lets users swiftly find and retrieve particular stolen data, such as credentials or documents, from vast databases.
Additionally, the upgraded version introduces a mechanism that responds to suspicious activity, such as repeated access attempts from the same IP address. In these situations, Raccoon automatically purges the related records and refreshes all client data pads.
A notable feature of the dashboard is that it shows an activity profile rating for each IP address. Smiley icons colored green, yellow, and red indicate the likelihood of automated bot involvement.
Another crucial addition, aimed at thwarting security analysts, is a reporting tool that identifies and blocks IP addresses affiliated with crawlers and bots, tools typically deployed by cyber-intelligence organizations to scrutinize Raccoon’s traffic.
Rounding out the updates, a Log Stats panel gives users an instant overview of their operations, showing the regions that were successfully targeted and the number of compromised computers.
Information-stealing tools pose a massive risk to individual users and corporate entities. Their widespread use in the cybercrime world ensures that malicious payloads are distributed through various channels, reaching a vast and varied audience.
Because such malware steals not just credentials but also session cookies, attackers can potentially use the stolen cookies to bypass multi-factor authentication and break into business systems. Once inside, they can carry out a range of malicious activities, including data theft, ransom demands, BEC fraud, and covert surveillance.
To defend against Raccoon Stealer and similar threats, use a password manager rather than storing credentials in the browser. It is also crucial to enable multi-factor authentication on all accounts and to avoid downloading files from questionable sources, even when they are linked through trusted platforms such as Google Ads or social media.