Raccoon: Data thief steals information from browsers and crypto wallets

Malware that steals data on a grand scale is nothing unusual. Using an example of a currently active data thief, security researchers are now explaining the attackers' principle and warning of its spread.

Cyber criminals are making money with malware-as-a-service (MaaS). They offer malicious code for "rent", which can then spy on a victim's PC. As the online magazine Bleeping Computer reports, another such network has now been brought to light by the security service provider CyberArk Software. It is a so-called infostealer, i.e. a data thief, called Raccoon. The malware is also active under the names Legion, Mohazo and Racealer.

Malware-As-A-Service

What is new about these malware programs is that they are distributed as malware-as-a-service with a low barrier to entry: anyone who finds the offer needs only a little money. No prior knowledge is required. In the past, such tools were reserved for more sophisticated attackers, CyberArk explains. Now, even beginners can buy data thieves like Raccoon to gain access to the sensitive data of an organization or any other target.

Raccoon specializes in extracting sensitive data from around 60 applications on a target computer. These include popular web browsers such as Google Chrome, Internet Explorer and Opera, as well as niche clients such as TorBro, Mustang and Torch.

Spread is increasing

Raccoon was first discovered around a year ago, when it was still being distributed via Russian-language forums. Now, according to CyberArk, the tool can also be found in English-speaking countries. An analysis by CyberArk revealed that the infostealer is written in C++ and is far from being a complex tool. However, it can steal sensitive and confidential information from almost 60 programs (browsers, crypto wallets, email and FTP clients). This includes cookies, history and autofill information.

Raccoon reaches its victims via exploit kits and phishing, among other things. Despite the simplicity of the malware, it has already infected hundreds of thousands of computers worldwide.

Applications that Raccoon steals from:
  • Browsers:
      • Google Chrome, Google Chrome (Chrome SxS), Chromium, Xpom, Comodo Dragon, Amigo, Orbitum, Bromium, Nichrome, RockMelt, 360Browser, Vivaldi, Opera, Sputnik, Kometa, Uranium, QIP Surf, Epic Privacy, CocCoc, CentBrowser, 7Star, Elements, TorBro, Suhba, Safer Browser, Mustang, Superbird, Chedot, Torch
      • Internet Explorer, Microsoft Edge
      • Firefox, WaterFox, SeaMonkey, PaleMoon
  • Email clients:
      • ThunderBird, Outlook, Foxmail
  • Crypto wallets:
      • Electrum, Ethereum, Exodus, Jaxx, Monero, Bither

Found on https://winfuture.de/news,114279.html