Search results
Aug 15, 2023 · The developers of Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals.
Jun 28, 2022 · Raccoon Stealer, a malware that can steal browser passwords, cryptocurrency wallets, and other data, is back with a second major version. The new version offers more capabilities, faster data exchange, and a higher price for hackers.
Oct 25, 2022 · Raccoon Stealer is a Windows-based malware that can steal passwords, credit card numbers, and other sensitive details from infected PCs. The US has arrested the developer behind the malware and dismantled its IT infrastructure, but the malware is still active and can be checked online.
Aug 22, 2023 · A glimpse into Raccoon’s arsenal. Targeted applications: By targeting up to 60 distinct apps, Raccoon Stealer doesn’t just rely on broad strokes.It has an extensive and specific hit list, meticulously programmed to dive deep into popular applications where you often store or auto-fill your most sensitive information.
- Raccoon Stealer Malware
- What Is Raccoon Stealer?
- How Does Raccoon Stealer V2 Infection Work?
- Darktrace Coverage of Raccoon Stealer
- Conclusion
- Appendices
Since the release of version 2 of Raccoon Stealer in May 2022, Darktracehas observed huge volumes of Raccoon Stealer v2 infections across its client base. The info-stealer, which seeks to obtain and then exfiltrate sensitive data saved on users’ devices, displays a predictable pattern of network activity once it is executed. In this blog post, we w...
Raccoon Stealer is a classic example of information-stealing malware, which cybercriminals typically use to gain possession of sensitive data saved in users’ browsers and cryptocurrency wallets. In the case of browsers, targeted data typically includes cookies, saved login details, and saved credit card details. In the case of cryptocurrency wallet...
A Raccoon Stealer v2 infection typically starts with a user attempting to download cracked or free software from an SEO-promoted website. Attempting to download software from one of these cracked/free software websites redirects the user’s browser (typically via several .xyz or .cfd endpoints) to a page providing download instructions. In May, June...
Once a user’s device becomes infected with Raccoon Stealer v2, it will immediately start to communicate over HTTP with a C2 server. The HTTP requests made by the info-stealer have an empty Host header (although Host headers were used by early v2 samples) and highly unusual User Agent headers. When Raccoon Stealer v2 was first observed in May 2022, ...
Since the release of Raccoon Stealer v2 back in 2022, the info-stealer has relentlessly infected the devices of unsuspecting users. Once the info-stealer infects a user’s device, it retrieves and then exfiltrates sensitive information within a matter of minutes. The distinctive pattern of network behavior displayed by Raccoon Stealer v2 makes the i...
MITRE ATT&CK Mapping
Resource Development • T1588.001 — Obtain Capabilities: Malware • T1608.001 — Stage Capabilities: Upload Malware • T1608.005 — Stage Capabilities: Link Target • T1608.006 — Stage Capabilities: SEO Poisoning Execution • T1204.002 — User Execution: Malicious File Credential Access • T1555.003 — Credentials from Password Stores: Credentials from Web Browsers • T1555.005 — Credentials from Password Stores: Password Managers • T1552.001 — Unsecured Credentials: Credentials In Files Command and Con...
IOCS
Type IOC Description User-Agent String record String used in User Agent header of Raccoon Stealer v2’s HTTP requests User-Agent String mozzzzzzzzzzz String used inUser Agent header of Raccoon Stealer v2’s HTTP requests User-Agent String rc2.0/client String used in User Agent header of Raccoon Stealer v2’s HTTP requests User-Agent String qwrqrwrqwrqwr String used in User Agent header of Raccoon Stealer v2’s HTTP requests User-Agent String rqwrwqrqwrqw String used in User Agent header of Raccoo...
Nov 2, 2022 · Inside Raccoon Stealer V2. Raccoon Stealer is back on the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of the shutdown, a Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware collected 50 million ...
People also ask
What happened to Raccoon stealer?
What is raccoon stealer?
What is raccoon stealer malware?
Did Raccoon infostealer steal data?
Jan 5, 2024 · Raccoon Stealer malware has emerged as a formidable player in the cyber threat landscape. Since its debut in early 2019, it’s become a go-to tool for cybercriminals, offering malware-as-a-service on shadowy online forums. Known for its ability to pilfer sensitive data, Raccoon has evolved, adapting to the ever-changing digital environment.
