The cybercrime group behind Raccoon Stealer has announced its return after a hiatus of six months with a new version of the malware. Tracked as version 2.3.0, the info-stealer is being promoted to threat actors via hacker forums. 

This latest development comes in the wake of multiple downfalls suffered by the operators in 2022, which ultimately led to the suspension of their operations. 

New features and updates

While the data-stealing capabilities remain the same, version 2.3.0 includes new features to launch stealthy attacks. These include the following:
  • an advanced admin panel that allows threat actors to easily retrieve stolen data, including credentials and documents, from massive datasets.
  • a new system that detects unusual activity patterns, such as multiple accesses from the same IP address. In those cases, the system automatically blocks or deletes the records associated with the activity and updates the information on each client pod.
  • a reporting system that detects and blocks IP addresses used by crawlers and bots to monitor Raccoon’s traffic, helping the operators evade detection.
  • a new Log Stats panel that provides an overview of their operations, including the most successfully targeted regions and the number of breached computers.

A timeline of bad times

  • In March 2022, Raccoon Stealer operators abandoned the operations due to the loss of a developer in the Russia-Ukraine war. As a result, the malware was replaced with the Dridex trojan as part of attack campaigns.
  • In June 2022, the information-stealing malware showed signs of life as researchers detected a new sample (version 2.0) written in C/C++ using WinApi. 
  • While the new version featured new data-stealing capabilities, it was not long before the group suffered another major blow and was forced again to halt its operations.
  • In October 2022, the FBI extradited one of its main operators from the U.S. and seized the MaaS infrastructure that had accumulated over four million email addresses.

With its reemergence in the wild, the group has shown that such roadblocks may not be enough to deter it from its mission.

Ending note

Raccoon Stealer is a versatile malware that provides threat actors with the ability to launch a wide range of attacks, including BEC scams and cyberespionage. To protect oneself against such threats, it is essential to use password managers instead of storing credentials on the browser. Enforcing the use of MFA across different accounts and applications is recommended as it adds an extra layer of security. Organizations must enforce best practices, including email security controls and software updates to stay safe.
Cyware Publisher
