The Raccoon stealer was first spotted in April, it was designed to steal victims’ credit card data, email credentials,
The Raccoon stealer is written in C++ by Russian-speaking developers that initially promoted it exclusively on Russian-speaking hacking forums. The malware is now promoted on English-
The analysis of the logs for sale in the underground community allowed the experts to estimate that Raccoon infected over 100,000 users worldwide at the time of its discovery.
Researchers at Cofense recently observed attackers using this technique in a wave of business email compromise (BEC) attacks.
Threat actors are hiding the malware inside an
“Threat actors continue to exploit legitimate services to trick users, as seen in the latest campaign using Raccoon Stealer malware, aimed at a financial organization and delivered by a Dropbox-hosted
The attackers delivered a phishing email to the inbox of an employee of a financial institution, the message was using a theme of a wire transfer to trick victims into opening the Dropbox URL and downloading the malicious file.
According to Cofense, in the most recent campaign, the message was sent by a compromised email account and passed
Unlike past attacks, in the last campaign, attackers attempted to exploit the Microsoft Office remote code execution vulnerability (CVE-2017-8570).
Once the malware has infected the system, it will contact the C&C sending an HTTP POST that includes the “bot ID” and “configuration ID”. In turn, the C2 location responds with a JSON object explicitly including C2 data and payload locations for libraries and additional files.
“The payload URLs currently deliver a set of DLLs, as specified by the “attachment url” and “libraries” parameters, but future development could easily allow threat actors to use Racoon Stealer as a loader for other malware to generate additional income.” concludes Cofense.
“Given the variety of delivery options, Racoon Stealer could be a problem for organizations that focus too much on one infection vector.”
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – Raccoon stealer, malware)