Threat Watch

Stay informed of cybersecurity news & events

Raccoon Stealer Malware


Raccoon Team: Underground forums have been raving about a new malware that is being sold as Malware-as-a-Service (MaaS). Thousands of devices have been hit with this malware since its discovery in April 2019. It harvests credit card information, cryptocurrency wallets, data from mail clients, and browser-related data. The malware was likely developed by Russian-speaking actors, but it has become one of the best-selling criminal tools on English-language forums. It is in active development, and the team behind it is quick to release fixes and updates. Delivery occurs through exploit kits, phishing attacks, and bundled malware. The stolen information is packaged in a .zip file that is sent to the command-and-control server, and the malware wipes the binaries from the machine. This malware is also known as Racealer and Mahazo. Researchers from Cybereason are responsible for the most recent analysis of Raccoon Stealer.

ANALYST NOTES

The actors using this malware are likely trying to steal sensitive details for financial gain. All machines should have up-to-date antivirus (AV) software and some type of monitoring in place to detect attacker behaviors that are not recognized by AV signatures. Binary Defense analysts reviewed the available Raccoon Stealer malware samples and found that most AV solutions detect them as malware. Binary Defense Vision is a great option when considering defense-in-depth strategies to combat advanced attackers. Our Security Operations Center (SOC) analysts will detect malware or attacker behaviors early to ensure that an infection on one computer does not spread to the rest of the network. In-depth details about Raccoon Stealer can be found here: https://www.cybereason.com/blog/hunting-raccoon-stealer-the-new-masked-bandit-on-the-block
