[BreachExchange] Raccoon Stealer has been Upgraded to Steal Cryptocurrency Alongside Financial Information

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Mon Sep 27 09:04:50 EDT 2021


https://www.ehackingnews.com/2021/09/raccoon-stealer-has-been-upgraded-to.html

With the rise of ransomware and as-a-service offerings, malware has become an
ever-growing concern in the cyber realm. The developers of Raccoon Stealer, an
information stealer, have shifted their targeting, according to ZeroFox Threat
Research.

Since the beginning of the quarter there have been several upgrades, the
most prominent of which is the addition of new "crypters." The goal of a
crypter is to obfuscate a binary by adding junk code, breaking up the flow
of code without affecting its original functionality, or encrypting parts of
the code so that static signatures cannot identify them. Support for
stealing from various new bitcoin wallets has also been added, and Discord
has been added to the list of targeted applications.

The stealer is being bundled with malware such as malicious browser
extensions, crypto miners, the Djvu/Stop consumer ransomware strain, and
click-fraud bots targeting YouTube sessions, according to samples received
by Sophos.

Raccoon Stealer is information-stealing malware that was originally
advertised in April 2019 on several underground forums by an attacker using
the handle "raccoonstealer." Like most other stealers, it can steal stored
auto-fill data, cookies, credentials, credit card information, and history
from Chromium-based browsers such as Google Chrome and Microsoft Edge. It can
also target many cryptocurrency wallets. New cryptocurrencies are frequently
added via updates, but it can also be customised to look for any wallet.dat
file.

A "clipper" for cryptocurrency theft is included in the upgraded stealer.
The QuilClipper tool specifically targets wallets and associated passwords,
as well as Steam-based transaction data. "QuilClipper steals cryptocurrency
and Steam transactions by continuously monitoring the system clipboard of
Windows devices it infects, watching for cryptocurrency wallet addresses
and Steam trade offers by running clipboard contents through a matrix of
regular expressions to identify them," the researchers noted.
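The clipboard-hijacking behaviour described above can be checked for from the defender's side by comparing what a user copied with what the clipboard later returns. The following is an added example, not code from the article or from ZeroFox; the address patterns and the clipboard events are constructed for illustration and are not QuilClipper's actual regex matrix.

```python
import re
from typing import Optional

# Constructed patterns for a few common wallet address formats (assumption:
# the article does not publish the clipper's real regex set).
WALLET_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),   # base58, no 0/O/I/l
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),       # bech32 charset
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text: str) -> Optional[str]:
    """Return the wallet-address kind that `text` matches, or None."""
    s = text.strip()
    for name, pattern in WALLET_PATTERNS.items():
        if pattern.match(s):
            return name
    return None


def detect_swap(copied: str, read_back: str) -> Optional[dict]:
    """Alert when a copied wallet address comes back from the clipboard changed.

    A clipper replaces the address silently, so the tell-tale sign is: the user
    copied something that looks like a wallet address, and the clipboard later
    holds a *different* string, usually of the same address kind.
    """
    kind = classify(copied)
    if kind is None or copied.strip() == read_back.strip():
        return None
    return {
        "kind": kind,
        "expected": copied.strip(),
        "observed": read_back.strip(),
        "same_kind": classify(read_back) == kind,
    }


# Constructed clipboard trace: (what the user copied, what was read back).
# The second event simulates a swap to an attacker-controlled address.
SAMPLE_EVENTS = [
    ("meeting at 3pm", "meeting at 3pm"),
    ("1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2", "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN3"),
    ("0x52908400098527886E0F7030069857D2E4169EE7",
     "0x52908400098527886E0F7030069857D2E4169EE7"),
]


def scan_events(events) -> list:
    """Run every (copied, read_back) pair through detect_swap; return the alerts."""
    return [a for a in (detect_swap(c, r) for c, r in events) if a is not None]
```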

In the two years since its release, the team behind Raccoon Stealer has
established itself as capable, frequently releasing new features and gaining
a mostly positive reputation in the community. They have also shown a
readiness to add functionality in response to customer requests, as
demonstrated by the recently launched API for automatically creating
encrypted builds.