February 25, 2020 By David Bisson 2 min read

Security researchers discovered the Raccoon malware family is capable of stealing information from approximately 60 applications.

CyberArk found that Raccoon malware used the same procedure to target each application. It began by obtaining the app file that contains a user’s sensitive information. The threat then copied the file to its working folder before performing specific routines to extract and decrypt the data.

For instance, in the case of 29 Chromium-based browsers, Raccoon used sqlite3.dll to perform SQL queries against the SQLite databases housed within the “User Data” app folder. This behavior enabled the malware to obtain credit card information, browsing history, cookies and auto-login passwords.

After obtaining the data it wanted, Raccoon wrote a text file with the stolen information to its working folder. Next, it gathered all such text files into a single .zip file called “Log.zip.” The malware finished up by sending this file back to its command-and-control (C&C) server.

At the time of CyberArk’s writing, digital attackers could purchase access to Raccoon’s malware-as-a-service (MaaS) offering on the dark web for $75/week or $200/month.

Raccoon Malware’s Reception Among Digital Criminals

Raccoon has received positive feedback on underground web marketplaces. According to Cybereason, many threat actors endorsed the capabilities of the MaaS family. Some even went on to name it as a worthy replacement for the AZORult stealer. Such endorsements no doubt contributed to spikes in activity involving Raccoon malware, as observed by Recorded Future in April 2019.

That being said, Cybereason found that some advanced digital criminals rejected the malware for its lack of sophistication, features and innovation.

Defend Against MaaS Offerings With Smart Threat Detection

Security professionals need to be wary of the rise of MaaS families like Raccoon. The malware-as-a-service industry enables all types of digital criminals — even those without technical skills — to gain access to sophisticated malicious programs and make a profit from them. This model supports ongoing innovation in terms of malware capabilities, thereby further threatening the users and data that infosec personnel defend.

That being said, security professionals can help protect their organizations against threats like Raccoon malware by using artificial intelligence (AI) and machine learning to detect malicious activity, including evasive measures and attempts at exfiltrating data from the organization. They should also consider investing in a unified endpoint management (UEM) solution to gain visibility into any anomalous endpoint behavior.

More from

Change Healthcare discloses $22M ransomware payment

3 min read - UnitedHealth Group CEO Andrew Witty found himself answering questions in front of Congress on May 1 regarding the Change Healthcare ransomware attack that occurred in February. During the hearing, he admitted that his organization paid the attacker's ransomware request. It has been reported that the hacker organization BlackCat, also known as ALPHV, received a payment of $22 million via Bitcoin.Even though they made the ransomware payment, Witty shared that Change Healthcare did not get its data back. This is a…

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

How I got started: AI security researcher

4 min read - For the enterprise, there’s no escape from deploying AI in some form. Careers focused on AI are proliferating, but one you may not be familiar with is AI security researcher. These AI specialists are cybersecurity professionals who focus on the unique vulnerabilities and threats that arise from the use of AI and machine learning (ML) systems. Their responsibilities vary, but key roles include identifying and analyzing potential security flaws in AI models and developing and testing methods malicious actors could…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today