Raccoon Stealer is back in the news after releasing a new version of the malware, following a three-month suspension of its operations caused by the death of one of its key developers in the Russia-Ukraine war. Raccoon Stealer is an information-stealing malware that first appeared in April 2019.
Raccoon Stealer is popular among threat actors because a subscription gives them access to an admin panel from which they can customize the malware, retrieve the stolen data (also called "logs"), and build new malware samples.
Threat actors can retrieve a wide variety of stolen information from infected devices, including credentials and browsing history from popular browsers, cryptocurrency wallets, email data, and credit card data from numerous applications. Raccoon Stealer owes its popularity partly to its relatively low price: subscriptions are offered at $75 per week or $200 per month.
During the Russian invasion of Ukraine, one of the lead developers of Raccoon Stealer was killed, and in March 2022 the cybercrime group behind the password-stealing malware suspended its operations. After successfully launching Raccoon Stealer, the developers of this notorious malware stated that they were moving to the Mars Stealer operation, which is as effective as Raccoon. After a two-month pause in the service, a new version, Raccoon 2.0, is now being promoted on hacker platforms; the admin posted a teaser of the new version on June 2, 2022.
The new version has already cleared a two-week testing phase, and clients have reportedly been quite satisfied with its beta. According to the author of Raccoon 2.0, it was built from scratch in C/C++ with new back-end and front-end code for stealing data from browsers. Sekoia's technical analysis also confirmed that the new version of Raccoon runs on both 32-bit and 64-bit systems without any dependencies, fetching only eight legitimate DLLs from its C2 servers.
Raccoon 2.0 performs the following operations:
- Collects browser passwords, credit card data, email data, cookies, and auto-fill data.
- Collects basic fingerprint information about the infected system.
- Steals data from cryptocurrency wallets and web browsers.
- Locates individual files on all disks.
- Captures screenshots.