Raccoon Stealer concludes its half-a-year hiatus

September 22, 2023
Raccoon Stealer Cybercrime Group Hiatus Malware

The Raccoon Stealer cybercriminal group has announced the end of its hiatus and is reemerging with new malware. Based on reports, the new tool is Raccoon Stealer version 2.3.0, an information-stealing malware that its developers offer for sale on hacker forums.

Based on reports, the new version includes features that could provide threat actors with additional stealth capabilities, while its data-stealing functionality remains unchanged.

One new feature of this version is an advanced admin panel that lets operators efficiently retrieve stolen information, such as credentials and documents, from large data sets.

In addition, the threat actors added a system that detects unusual activity patterns, such as multiple accesses from the same IP address. In these cases, the system automatically blocks or deletes the records linked to that activity and updates the information on each client pod. Furthermore, the new version has a reporting system that identifies and blocks IP addresses used by bots and crawlers to monitor the infostealer's traffic, helping the operators bypass security detections.

Lastly, the latest version has a new Log Stats pane that gives an overview of the campaign's status, the most successfully targeted regions, and the number of compromised servers.
The Raccoon Stealer started its hiatus last year.
According to reports, the Raccoon Stealer operators ended their operations in March last year after losing a developer in the Russia-Ukraine geopolitical conflict. The Dridex trojan operation then filled the gap left by the group.

However, the group showed signs of activity again after researchers observed a new malware sample attributed to it, written in C/C++ using the Windows API (WinAPI). Unfortunately for the actors, it did not take long before they suffered another blow and had to halt their operations once more.

Raccoon Stealer is an all-around malware that enables its operators to run widespread cybercriminal campaigns. Admins and users should therefore use password managers instead of storing credentials in the browser, so that saved credentials are not exposed to this kind of threat.

Furthermore, organizations should consider adopting MFA across their accounts and applications, since it adds an extra layer of security even when credentials are stolen. Finally, companies should maintain proper cybersecurity hygiene to protect against such attacks.