"Credential Stealer Malware Raccoon Updated to Obtain Passwords More Efficiently"

Security researchers at Zscaler have analyzed a new variant of the known Raccoon Stealer malware. They report that the latest version is written in C, whereas earlier versions were written mainly in C++. Raccoon Stealer 2.0 features a new back end and front end, with code to steal credentials and other data more efficiently. The researchers noted that the new version runs on both 32- and 64-bit systems without any extra dependencies and fetches eight legitimate DLLs directly from its C2 servers, instead of relying on the Telegram Bot API as before. The C2 also supplies the malware's configuration, including the applications to target, the URL hosting the DLLs, and the tokens used for data exfiltration. The servers receive machine fingerprint data and then wait for individual POST requests containing the stolen information. According to the researchers, the data stolen by Raccoon Stealer 2.0 reportedly includes system fingerprinting information, browser passwords, cookies, autofill data and saved credit cards, cryptocurrency wallets, files located on all disks, screenshots, and lists of installed applications. The researchers also observed a change in how Raccoon Stealer 2.0 hides its intentions: API names are resolved dynamically at runtime rather than being imported statically, which keeps them out of the binary's import table and makes static analysis harder.


Infosecurity reports: "Credential Stealer Malware Raccoon Updated to Obtain Passwords More Efficiently"