Raccoon Stealer V2 spreads via cracks and fake keygens

June 1, 2023

The Raccoon Stealer V2 information stealer is being distributed in a new malicious campaign aimed at Korean users. The malware is disguised as downloadable installers for illegal programs such as keygens and cracks, and these fake keygens and cracks carry fake code-signing certificates purporting to belong to a Korean software firm.

The researchers also reported that the campaign imitates several well-known software products, distributing fake versions of each to reach different groups of victims.

The investigation uncovered six samples, collected between April 27 and May 1, that carried fake certificates and identifying information of the spoofed company. The operators distributed the samples through a website as an archive named ‘PassKey_55551-CompleteFileT1.rar’.

The archive contains a Read[.]me file along with a password-protected archive called FullSetup[.]rar. Opening the password-protected archive triggers the download of the malware.

Image caption: The Raccoon Stealer V2 sends the gathered information to an attacker-controlled C2.

Analysis of one sample showed that, once it has compromised a device, Raccoon Stealer V2 collects sensitive information from it and sends the harvested data to a command-and-control (C2) server operated by the attackers.

During this exchange the C2 server also delivers a second payload, a clipper known as Clip Banker, to the infected system. Clip Banker monitors the clipboard and replaces any cryptocurrency wallet address it finds with an address controlled by the attackers, so a victim pasting an address to make a payment sends the funds to the criminals instead. The operators have padded the clipper's file to a much larger size than its actual code requires, a common tactic against scanners that skip oversized files.
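As an added example (not code from the article, the researchers or the malware), the following Python shows two triage checks a defender might run for the behaviours described in the paragraph above: measuring a Windows executable's overlay and tail entropy to spot crude size inflation, and flagging clipboard updates that swap one wallet address for a different one within milliseconds, the pattern a clipper produces. The PE image, the wallet addresses and the clipboard events are all constructed for the example, and the address patterns are format-only checks with no checksum validation.

```python
"""Two triage checks for the behaviours described above.

Added example, not code from the original article or from the malware:
  pe_overlay_bytes()   - size of the data appended after a PE file's last
                         section (the "overlay"), where crude file inflation
                         usually lands; looks_padded() builds on it
  find_clipper_swaps() - flag a clipboard update that replaces one wallet
                         address with a different one within a short window
All sample input below is constructed for this example.
"""
import math
import re
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a run of identical bytes, close to 8.0 for random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_overlay_bytes(blob: bytes) -> int:
    """Bytes past the end of the last section's raw data, or -1 if not a PE."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return -1
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return -1
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", blob, coff + 2)[0]    # NumberOfSections
    opt_size = struct.unpack_from("<H", blob, coff + 16)[0]       # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                  # section table start
    end = table + 40 * num_sections                               # headers alone, at least
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16/+20 of each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", blob, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return max(0, len(blob) - end)


def looks_padded(blob: bytes, min_ratio: float = 0.5, max_entropy: float = 1.0) -> bool:
    """True if most of the file is a low-entropy overlay (e.g. zero fill).
    Caveats: random-byte padding defeats the entropy test (the overlay size is
    still telling on its own), and inflation placed inside a section's
    SizeOfRawData is not an overlay and is not caught here."""
    overlay = pe_overlay_bytes(blob)
    if overlay <= 0:
        return False
    tail = blob[len(blob) - overlay:][:65536]  # sample the start of the tail
    return overlay / len(blob) >= min_ratio and shannon_entropy(tail) <= max_entropy


def build_fake_pe(code: bytes, padding: int) -> bytes:
    """Constructed minimal PE32 layout (one .text section, not loadable) with
    `padding` zero bytes appended as overlay, used to exercise the checks."""
    e_lfanew, opt_size = 0x40, 0xE0
    headers = e_lfanew + 4 + 20 + opt_size + 40
    raw_ptr = (headers + 0x1FF) & ~0x1FF  # 512-byte file alignment
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    text = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000,
                       len(code), raw_ptr, 0, 0, 0, 0, 0x60000020)
    img = bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + text
    return img + bytes(raw_ptr - len(img)) + code + bytes(padding)


# Address formats a clipper watches for (format only, no checksum validation)
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_type(text: str):
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return name
    return None


def find_clipper_swaps(events, window_ms: int = 500):
    """events: [(timestamp_ms, clipboard_text), ...] in order. Returns
    (t, old, new) for each update that replaces a wallet address with a
    different address of the same type within window_ms: a person does not
    re-copy a second address that quickly, a clipper does."""
    swaps = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        kind = address_type(old)
        if kind and kind == address_type(new) and old != new and t1 - t0 <= window_ms:
            swaps.append((t1, old, new))
    return swaps


USER_ADDR = "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"      # constructed
ATTACKER_ADDR = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"  # constructed
SAMPLE_EVENTS = [                # constructed clipboard history
    (1000, USER_ADDR),           # user copies the address they intend to pay
    (1040, ATTACKER_ADDR),       # 40 ms later the clipboard silently changes
    (5000, "meeting at 3"),      # ordinary text, ignored
    (9000, "0x" + "1" * 40),
    (15000, "0x" + "2" * 40),    # 6 s later: plausible human re-copy, not flagged
]

if __name__ == "__main__":
    sample = build_fake_pe(b"\x90" * 64, 1_048_576)
    print("overlay bytes:", pe_overlay_bytes(sample), "padded:", looks_padded(sample))
    print("clipper swaps:", find_clipper_swaps(SAMPLE_EVENTS))
```

The overlay check is deliberately header-driven rather than a simple "file is big" rule: a legitimately large installer has its size accounted for by its sections, while a padded sample has hundreds of kilobytes or more that no section claims. The clipboard check only sees a swap if the monitor records every update, so in practice it would hook clipboard-change notifications rather than poll.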

Raccoon Stealer V2, also known as RecordBreaker, emerged last year after the operators of the original Raccoon Stealer suspended operations following the death of one of their lead developers during the war between Russia and Ukraine. The malware has since continued to circulate in a variety of cybercriminal campaigns.

Security researchers advise users to be wary of the many lures threat actors use to gain a foothold, and in particular to refrain from downloading pirated or cracked software from unknown sources and websites.

Verifying a site's legitimacy before downloading anything from it also helps avoid malicious downloads, and running reputable antivirus and internet security software adds a further layer of protection against such threats.
