Raccoon Stealer – A High-risk Trojan Malware

A new kind of trojan malware is fast gaining currency among the cybercriminals for the capability to steal sensitive information like – credit card data, cryptocurrency wallets, and email credentials. This new trojan malware is dubbed as Raccoon Stealer. In this article, we will be gaining knowledge about the high-risk trojan malware and how can it be avoided.

Contents:

1. What is Raccoon Stealer?
2. Major points
3. How can Raccoon Stealer infiltrate your system?
4. Threat Summary
5. How to avoid malware infection?

What is Raccoon Stealer?

Raccoon Stealer is a high-risk trojan-type application that stealthily infiltrates the system and collects personal information. The trojan installed on your computer might lead to various issues. The cybercriminals offer the trojan’s service within hacker forums. Any aspiring cybercriminals can purchase a subscription and generate revenue by misusing the stolen data.

The malware, written in C++, leverages several potential delivery methods. The Raccoon Stealer gathers personal information, which includes passwords, browser cookies, and autofill data, and crypto wallet details. Additionally, Raccoon Stealer records system information such as Internet Protocol (IP) addresses and geo-location. The data can be misused in various ways. Cybercriminals might use it to transfer users’ funds in crypto wallets and other accounts.

Victims, therefore, lose their savings, and additionally, hijacked accounts (Social media platforms, mails, etc.) can be misused to borrow money. Victims might accrue significant debt and often use stolen contacts to proliferate malware by spamming malicious links/ files to all communications.

Raccoon Stealer developers aim to generate revenue by selling collected data, rather than misusing it themselves as they offer a service that allows ‘subscribers’ to access stolen data. Raccoon Stealer provides an admin panel that will enable subscribers to view and download chosen information (logs). The malicious malware is not the first infection that is sold on hacker forums and is unique since the buyer does not need to generate any malware.

The malware Stealer is therefore responsible for the distribution, while the subscriber gains access only to the stored data and not the malicious executable (malware programs). The malware developers sell malicious executables, which buyers must then proliferate and gain a significant advantage is much more convenient for subscribers who are looking for generic personal data.  The developers also offer a weekly/ monthly subscription for a cost of $75/$200, and the price is low when the revenue is considered potentially be generated. Most of the anti-virus/ anti-spyware suites are capable of detecting and eliminating Raccoon Stealer malware.

Major points:

1. The Raccoon Stealer: The researchers’ team investigated multiple incidents involving since April 2019.
2. Steals a Wide Range of Data: Raccoon lacks sophistication but leverages several potential delivery methods and can steal a wide range of important data, including credit card information, cryptocurrency wallets, browser data, and email credentials.
3. Gaining Traction: Despite being released earlier this year, the Raccoon stealer is exploring in popularity in the underground community to become one of the top 10 most-referenced malware on the market in 2019, infecting hundreds of thousands 0f endpoints globally across organizations and individuals in US, UK, and Asia.
4. Enables any individual to easily commit cybercrime: Raccoon follows a malware-as-a-service model, allowing individuals a quick-and-easy way to make money stealing sensitive data without a huge personal investment or technical know-how.
5. A robust following underground: The team behind Raccoon is lauded in the underground community for their level of service, support and user experience, but has faced several bouts of public feuds and internal disputes.

How can Raccoon Stealer infiltrate your system?

A known distribution tool used to spread Raccoon Stealer is Rig Exploit Kit (RigEK), which injects systems with the Smoke Loader trojan. The number of other tools/ methods used to cover these trojans. The list includes third party software download sources, spam email campaigns, fake software updaters, and cracks, and other trojans. Cybercriminals use unofficial download sources to proliferate malware by presenting it as legitimate software.

Spam campaigns are also used in a similar manner and send hundreds of thousands of identical emails containing malicious attachments (files/links) and deceptive messages. The messages typically present the attachments as ‘important documents’ in attempts to give the impression of legitimacy and trick users into opening them. The idea behind software cracks is to activate paid software free of charge, and how many of these tools are fake.

Rather than allowing access paid features, the threat actors simply inject malware into the system. The same case goes for updating installed applications; these tools infect computers by exploiting outdated software bugs/ flaws and install malware rather than the updates. Trojans cause ‘chain infections’ that stealthy infiltrate computers, and while running in the background, they install the additional malware.

Threat Summary:

1. Name: Raccoon Stealer Trojan
2. Threat Type: Trojan, Password-stealing virus, Banking malware, Spyware
3. Detection Names: Avast (Win32: Trojan-gen), BitDefender (Gen:Heur.Titirex.1.F), ESETNOD (Win32/Spy.Agent.PQZ), Kaspersky (Trojan-Spy.MSIL.Stealer.aik), Full List.
4. Malicious Process Name: 2.exe (the name may vary)
5. Symptoms: Trojans are designed to infiltrate the victim’s computer and remain silent stealthily, and thus no particular signs are clearly visible on an infected machine.
6. Distribution methods: Infected email attachments, malicious online advertisements, social engineering, software ‘cracks’.
7. Damage: Stolen banking information, passwords, identify theft, victim’s computer added to a botnet.
8. Removal: To eliminate Raccoon Stealer trojan, our malware, researchers recommend scanning your computer with SpyHunter.

Raccoon Stealer has infected over 100,000 endpoints worldwide within a span of a few months. The immense explosion of popularity is attributed to a number of reasons, it costs $200 per month to use and building in features like automated backend panel.

How to avoid malware installation?

1. Be cautious when browsing the internet and downloading/ installing/ updating software.
2. Carefully analyze all the received emails and their attachments. Be careful from the attachments received from suspicious/ unrecognizable email addresses.
3. Make sure you download software from official sources and use direct download links.
4. Third-party installers are often used to proliferate malware and thus these tools should be achieved only when implemented functions are provided by the developers.
5. Be aware of software piracy as it is cybercrime, and the risks of infections are high.
6. Have a reputable antivirus/ anti-spyware suite installed and running. Keep it updated as and when new updates are available.
7. The primary key to your computer system is caution.
8. When infected, manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Use a professional automatic malware removal tool that is recommended to get rid of such high-risk infections.

Hence, when you suspect Raccoon Stealer’s presence on your system, immediately scan the system with this software and eliminate all detected threats. The main reasons behind these computer infections are lack of knowledge of the risks with careless behavior. The attack thus is another sign that threat actors are actively exploiting software vulnerabilities and phishing techniques to distribute and install malware.

Are you interested in learning and gaining more knowledge about the day-to-day cyber threats? Head towards the blog for daily updates on these threats. This brings me to the latest Ransomware- GlobeImposter. GlobeImposter is a ransomware-type malicious virus that mimics Purge (Globe) ransomware. The new strain of GlobeImposter Ransomware has been seen, and it is most likely distributed through emails. Malicious codes are compressed into a zip archive and sent to the end-user. It is a ransomware application that will encrypt files on victim machines and demands payment to retrieve the information. The GlobeImposter ransomware is also known as the Fake Globe ransomware family. It may be distributed through a malicious spam campaign, recognizable only with their lack of message content and an attached ZIP file. To know more, visit here !!

Stay Updated. Stay Protected!