September 29, 2023

The operators of the notorious Raccoon malware announced their return this week after a six-month hiatus from hacker forums following the arrest of an administrator.

“We’re glad to return with new power and understanding of our errors,” they said in an announcement.

Raccoon is a highly popular info-stealing malware-as-a-service sold on dark web forums. It has been praised for its simplicity and customization.

The malware targets popular browsers and desktop cryptocurrency wallets to steal passwords, cookies, and credit card numbers. It can also download files and capture screenshots on victims’ computers.

Last October, the U.S. indicted one of the “key directors” of the malware, Ukrainian citizen Mark Sokolovsky, and demanded his extradition from the Netherlands, where he was arrested. Dutch officials are likely to honor this request soon, as this week they rejected Sokolovsky’s appeal against being extradited.

According to a report by Cyberint, which analyzed the malware’s latest version, Raccoon administrators have introduced features that make it easier and more convenient to use the tool.

For example, they added a quick search tool to find specific links in large datasets, which will help hackers quickly locate needed information, even when dealing with millions of documents and thousands of different links, according to the researchers.

Another feature detects unusual activity that may come from bots that help cybersecurity firms monitor Raccoon’s traffic. If Raccoon identifies suspicious behavior, it automatically deletes records associated with those activities and updates the information on each client pad.

This makes it harder for security tools that use automation and bots to detect the malware, according to Cyberint.

Raccoon operators also added a new panel that gives users an overview of their operations, the most successfully targeted countries, and the number of breached computers.

In the past, Raccoon Infostealer administrators rented out its malware for $200 per month in cryptocurrency to steal data from victims’ computers, including log-in credentials, financial information, and other personal records. The malware is installed on the victims’ computers through phishing emails.

The stolen information is then sent to a number of servers controlled by the Raccoon administrators. When the operation is completed, Raccoon deletes itself from the infected computer.

After Sokolovsky’s arrest, the FBI collected data stolen from many computers that cybercriminals infected with Raccoon malware.

Law enforcement has identified more than 50 million unique credentials and forms of identification, including email addresses, bank accounts, cryptocurrency addresses, and credit card numbers in the stolen data from millions of potential victims around the world.

Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.