With the rise of ransomware and as-a-service offers, malware has become an ever-growing concern in the cyber realm. The developers of the Raccoon Stealer which is an information stealer have shifted their target, according to ZeroFox Threat Research.
Since the beginning of the quarter, there have been several upgrades, the most prominent of which is the installation of new “crypters.” The goal of a crypter is to obfuscate a binary by adding junk code, breaking up the flow of code without affecting the original functionality, or encrypting parts of code so that static signatures cannot identify them. Support for stealing various new bitcoin wallets has also been added, as well as the addition of Discord to the list of targeted applications.
The stealer is being bundled with malware such as malicious browser extensions, crypto miners, the Djvu/Stop consumer ransomware strain, and click-fraud bots targeting YouTube sessions, according to samples received by Sophos.
Raccoon Stealer is a sort of information stealer malware that was originally advertised in April 2019 on several underground forums by an attacker using the handle “raccoonstealer.” It can steal stored auto-fill data, cookies, credentials, credit card info, and history from Chromium-based browsers like Google Chrome and Microsoft Edge, just like most other stealers. Theft of many cryptocurrency wallets on a targeted basis is also possible. New cryptocurrencies are frequently added via updates, but it may also be customised to look for any wallet.dat file.
A “clipper” for cryptocurrency theft is included in the upgraded stealer. The QuilClipper tool specifically targets wallets and associated passwords, as well as Steam-based transaction data. “QuilClipper steals cryptocurrency and Steam transactions by continuously monitoring the system clipboard of Windows devices it infects, watching for cryptocurrency wallet addresses and Steam trade offers by running clipboard contents through a matrix of regular expressions to identify them,” the researchers noted.
In the two years after its release, the team behind Raccoon Stealer has established itself as a capable team, frequently releasing new features and gaining a mostly positive reputation among the community. They’ve also showed a readiness to add functionality in response to customer requests, as demonstrated by the recently launched API for automatically creating encrypted builds.