The Raccoon Stealer malware first emerged in April 2019 and has since infected thousands of Windows devices around the world. Despite its limited feature set, Raccoon Stealer's popularity signals the continuing commoditization of malware, as it follows a Malware-as-a-Service (MaaS) model.
Raccoon, which costs $200 per month to use, is suspected to be of Russian origin and is aggressively marketed in underground forums. Prompt 24×7 customer support for community questions and comments is offered on Telegram under the handle “glad0ff”. Both the handle and the person behind it have previously been linked to other malware. Raccoon specifically has exploited vulnerabilities in software, leveraged email social engineering tricks, and made use of legitimate software downloaded from sketchy websites. Once successfully installed, it communicates with a command-and-control server to gain access to and steal data. This data can be anything from screenshots and credit card information to browser passwords and emails. There are a handful of languages the malware will not target, which researchers take as an indication of where the malware originates.