Raccoon might not be the cheapest option on the market, but the malware has gained popularity among cybercriminals for its ability to target at least 60 applications, many of which are browsers we use today.
The Raccoon infostealer, also known as Racealer, has attracted a following in underground forums thanks to the aggressive marketing of its wide range of capabilities, use of bulletproof hosting and an easy-to-use backend. The malware is offered at a price of $200 a month and was first spotted by researchers from cybersecurity firm Cybereason in 2019.
While more expensive than other standalone, bare-bones offerings, Raccoon's subscription-based model -- which includes technical support, bug fixes, and updates at a relatively cheap Malware-as-a-Service (MaaS) price point -- as well as its overall capabilities have made it a worthwhile investment for cybercriminals seeking to steal data and cryptocurrency.
A new analysis of the malware from CyberArk notes that many infostealers aren't generally sophisticated and use the same variety of techniques to steal information. However, in Raccoon's case, the C++ malware is able to steal data from 35 browsers and 60 overall applications.
According to CyberArk, Raccoon is generally delivered through phishing campaigns and exploit kits. Fraudulent emails sent to would-be victims contain Microsoft Office document attachments with malicious macros, whereas the exploit kits are usually hosted on websites.
Victims are profiled for any potential browser-based vulnerabilities and, based on this analysis, are redirected to the appropriate exploit kit.
The command-and-control (C2) server, necessary for the transfer of stolen information as well as for remote malware configuration updates, has its address hidden via several layers of encryption.
Raccoon is able to steal financial information, online credentials, PC data -- such as operating system types and versions, the language in use, and installed application lists -- cryptocurrency wallets, and browser information including cookies, history logs, and autofill content.
The malware targets a wide variety of popular Mozilla and Chromium browsers: Google Chrome, Google Chrome (Chrome SxS), Chromium, Xpom, Comodo Dragon, Amigo, Orbitum, Bromium, Nichrome, RockMelt, 360Browser, Vivaldi, Opera, Sputnik, Kometa, Uran, QIP Surf, Epic Privacy, CocCoc, CentBrowser, 7Star, Elements, TorBro, Suhba, Safer Browser, Mustang, Superbird, Chedot, Torch, Internet Explorer, Microsoft Edge, Firefox, WaterFox, SeaMonkey, and PaleMoon.
In addition, Raccoon attempts to compromise ThunderBird, Outlook, and Foxmail email clients.
CyberArk says the same procedure is in play for each target application. The malware will grab the application files containing sensitive data and copy them to a temp folder, perform routines to extract and decrypt information, write this content to a separate text file, and then send it off to a C2.
"In order to extract and decrypt the credentials from the applications, Raccoon downloads the specific DLLs for the applications," the researchers say. "The config JSON contains a URL from where the malware will download those libraries."
Cryptocurrency, too, is at risk. Raccoon will seek out Electrum, Ethereum, Exodus, Jaxx, Monero, and Bither wallets by scanning for their default application folders, and will also attempt to grab their wallet credentials.
Once Raccoon has stolen the data it requires, this information is compiled into a .zip archive file and sent to the C2. It may also act as a dropper for additional malware payloads.
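Detection logic for the collection pattern described above (one process reading the data stores of several applications, including wallet folders, and staging output in a temp folder), added here as an example and not taken from ZDNet or the CyberArk analysis. The store paths, owner process names, event tuple shape and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed markers: well-known default store locations, not taken from the analysis.
STORES = {
    "chrome": re.compile(r"\\Google\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data)$", re.I),
    "firefox": re.compile(r"\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I),
    "electrum": re.compile(r"\\Electrum\\wallets\\", re.I),
}
OWNERS = {"chrome": "chrome.exe", "firefox": "firefox.exe", "electrum": "electrum.exe"}
TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.I)


def find_stealer_like(events, min_apps=2):
    """Return {image: [apps]} for processes that read stores of >= min_apps
    applications they do not own and also wrote into a Temp folder."""
    touched, staged = defaultdict(set), set()
    for image, op, path in events:
        proc = image.rsplit("\\", 1)[-1].lower()
        if op == "read":
            for app, pattern in STORES.items():
                # A browser reading its own profile is expected and ignored.
                if pattern.search(path) and proc != OWNERS[app]:
                    touched[image].add(app)
        elif op == "write" and TEMP.search(path):
            staged.add(image)
    return {img: sorted(apps) for img, apps in touched.items()
            if len(apps) >= min_apps and img in staged}


# Constructed sample telemetry: (process image, operation, file path).
A = r"C:\Users\alice\AppData"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
DROPPED = A + r"\Roaming\invoice_viewer.exe"   # hypothetical unknown binary
BACKUP = r"C:\Tools\profile_backup.exe"        # hypothetical single-app tool
SAMPLE = [
    (CHROME, "read", A + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    (BACKUP, "read", A + r"\Roaming\Mozilla\Firefox\Profiles\x1.default\cookies.sqlite"),
    (DROPPED, "read", A + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    (DROPPED, "read", A + r"\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"),
    (DROPPED, "read", A + r"\Roaming\Electrum\wallets\default_wallet"),
    (DROPPED, "write", A + r"\Local\Temp\a1b2\passwords.txt"),
    (DROPPED, "write", A + r"\Local\Temp\a1b2\log.zip"),
]

if __name__ == "__main__":
    for image, apps in find_stealer_like(SAMPLE).items():
        print(f"ALERT {image}: read {', '.join(apps)} stores and staged files in Temp")
```

The `min_apps` threshold is what separates this pattern from a backup or sync tool that legitimately touches a single application's profile.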
The malware continues to be supported by a team and development is ongoing. Recently, Raccoon was also given the ability to steal FTP server credentials from FileZilla, UI errors were resolved, and the authors also created an option to encrypt custom malware builds from the UI for download as a DLL.
"Even though Raccoon is not the most sophisticated tool available, it is still very popular among cybercriminals and will likely continue to be," the researchers say. "What used to be reserved for more sophisticated attackers is now possible even for novice players who can buy stealers like Raccoon and use them to get their hands on an organization's sensitive data."
Read the original:
Raccoon malware targets massive range of browsers to steal your data and cryptocurrency - ZDNet