Security researchers discovered the Raccoon malware family is capable of stealing information from approximately 60 applications.

CyberArk found that Raccoon malware used the same procedure to target each application. It began by obtaining the app file that contains a user’s sensitive information. The threat then copied the file to its working folder before performing specific routines to extract and decrypt the data.

For instance, in the case of 29 Chromium-based browsers, Raccoon used sqlite3.dll to perform SQL queries against the SQLite databases housed within the “User Data” app folder. This behavior enabled the malware to obtain credit card information, browsing history, cookies and auto-login passwords.

After obtaining the data it wanted, Raccoon wrote a text file with the stolen information to its working folder. Next, it gathered all such text files into a single .zip file called “Log.zip.” The malware finished up by sending this file back to its command-and-control (C&C) server.

At the time of CyberArk’s writing, digital attackers could purchase access to Raccoon’s malware-as-a-service (MaaS) offering on the dark web for $75/week or $200/month.

Raccoon Malware’s Reception Among Digital Criminals

Raccoon has received positive feedback on underground web marketplaces. According to Cybereason, many threat actors endorsed the capabilities of the MaaS family. Some even went on to name it as a worthy replacement for the AZORult stealer. Such endorsements no doubt contributed to spikes in activity involving Raccoon malware, as observed by Recorded Future in April 2019.

That being said, Cybereason found that some advanced digital criminals rejected the malware for its lack of sophistication, features and innovation.

Defend Against MaaS Offerings With Smart Threat Detection

Security professionals need to be wary of the rise of MaaS families like Raccoon. The malware-as-a-service industry enables all types of digital criminals — even those without technical skills — to gain access to sophisticated malicious programs and make a profit from them. This model supports ongoing innovation in terms of malware capabilities, thereby further threatening the users and data that infosec personnel defend.

That being said, security professionals can help protect their organizations against threats like Raccoon malware by using artificial intelligence (AI) and machine learning to detect malicious activity, including evasive measures and attempts at exfiltrating data from the organization. They should also consider investing in a unified endpoint management (UEM) solution to gain visibility into any anomalous endpoint behavior.

More from

OneNote, Many Problems? The New Phishing Framework

There are plenty of phish in the digital sea, and attackers are constantly looking for new bait that helps them bypass security perimeters and land in user inboxes.Their newest hook? OneNote documents. First noticed in December 2022, this phishing framework has seen success in fooling multiple antivirus (AV) tools by using .one file extensions, and January 2023 saw an attack uptick as compromises continued.While this novel notes approach will eventually be phased out as phishing defenses catch up, current conditions…

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

LastPass Breaches Cast Doubt on Password Manager Safety

In 2022, LastPass suffered a string of security breaches which sparked concern among cyber professionals and those impacted by the intrusions. Some called into question the way LastPass handled and responded to the incident. In addition, the situation ignited a wider conversation about the risks linked to utilizing password managers.A password manager helps users generate strong passwords and safeguards them within a digital locker. A master password secures all data, which enables users to conveniently access all their passwords for…

The Role of Finance Departments in Cybersecurity

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect. A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants also…