In criminal circles, a new data-stealing program, Raccoon, is rapidly gaining popularity. Over several months, according to Cybereason, this information stealer managed to infect more than 100 thousand Windows machines in North America, Western Europe and Asia.
The malware is not particularly complicated and does not use innovative techniques, but its creators' business model, malware-as-a-service (MaaS), allows attackers to earn money quickly and with minimal effort by stealing confidential information. A study of relevant topics in shadow communities has shown that Raccoon is currently in the top ten malware programs by number of mentions on forums.
“Managing the malware does not require special technical training, which makes it attractive to a wide audience. Moreover, Raccoon developers are constantly improving it and quickly respond to customer comments,” analysts Assaf Dahan and Lior Rochberger write on the Cybereason Nocturnus team blog.
Researchers from Cybereason first discovered Raccoon in April this year. The malicious program, written in C++, can be distributed in various ways: through exploit packs (including Fallout and RIG), through malicious email mailings, and bundled with pirated copies of legitimate applications downloaded from the web.
After installation, the malware searches for bank details, crypto-wallet addresses, passwords, email credentials, information about the system, and information stored in popular browsers. Raccoon accumulates its findings and sends them to its operator. Despite the breadth of its interests, the malware's feature set is not especially rich: it cannot even log keystrokes.
“Though the Raccoon stealer may not be the most innovative infostealer on the market, it is still gaining significant attention in the underground community. Based on testimonials from the underground community, the Raccoon team provides reliable customer service to give cybercriminals a quick-and-easy way to commit cybercrime without a huge personal investment,” Assaf Dahan and Lior Rochberger report.
The developers of the new infostealer are presumably of Russian origin and speak Russian. The malware was initially offered for sale only on Russian-speaking forums, and it is now advertised in English-speaking circles as well. Those who rent Raccoon pay $200 a month; the service package includes access to an automated backend panel, hosting and technical support.
The new MaaS malware is still under active development, but experts believe that the explosive growth in Raccoon's popularity among cybercriminals could turn it into a serious threat, like Azorult.