Raccoon Malware Resurfaces With Upgraded Tools
Stealth Version Appears Six Months After Hiatus

Overt Operator
August 17, 2023
The notorious Raccoon information stealer is back in business after a six-month hiatus. Following the arrest of one of its key administrators last year, the operators have announced their return, claiming to have used the downtime to refine the product and ship a more robust set of tools. Sold as a service and known for its ease of use and high degree of customization, Raccoon remains a serious threat to credentials and financial data.
Raccoon Malware’s History
Raccoon is a widely used info-stealing malware-as-a-service traded on dark web forums. Its claim to fame has been its simplicity: criminals with little technical skill can rent it and start harvesting data. Its targets are broad, including popular web browsers and desktop cryptocurrency wallets. It harvests saved passwords, cookies, autofill data and credit card numbers, and it can also download additional files and capture screenshots on victims' computers.
Last October, U.S. prosecutors unsealed an indictment against Mark Sokolovsky, a Ukrainian citizen and one of the malware's key administrators, who had been arrested in the Netherlands earlier in 2022. This week, a Dutch court rejected Sokolovsky's appeal against extradition, a decision that clears the way for him to be sent to the U.S. to face trial.
New Features and Increased Threat
According to an analysis by Cyberint, the Raccoon administrators have made significant enhancements to the latest version of the stealer and its operator panel, making it an even more potent threat. The new features include:
Quick Search Tool: Lets operators quickly locate specific URLs or records within large volumes of stolen data. This is a substantial advantage for criminals sifting through millions of harvested documents and thousands of distinct links.
Unusual Activity Detection: The panel now flags access patterns that look like the automated bots security firms use to monitor Raccoon's traffic, such as repeated hits from the same source. When such activity is detected, Raccoon automatically deletes the records associated with it, which frustrates researchers' automated collection and makes the stealer's operations harder to track.
New Overview Panel: Gives operators a dashboard of their campaigns, including which countries have yielded the most infections and the total number of compromised machines.
Before the hiatus, Raccoon's administrators rented the malware out for $200 per month, payable in cryptocurrency. Affiliates used it to steal login credentials, financial information and other personal records from victims' computers, typically delivering it through phishing emails.
The FBI’s Crackdown Efforts
Following Sokolovsky's arrest, the FBI, working with Dutch and Italian authorities, dismantled Raccoon's infrastructure and recovered data from many computers infected with the malware. Law enforcement has identified more than 50 million unique credentials and forms of identification, including email addresses, bank account details, cryptocurrency addresses and credit card numbers, stolen from potential victims around the world. The FBI set up a lookup site at raccoon.ic3.gov so that people can check whether their email address appears in the recovered data.