"'Raccoon Stealer' Scurries Back on the Scene After Hiatus"

Three months after ceasing operations due to the death of their lead developer in Ukraine, the creators of "Raccoon Stealer," one of the most prolific information stealers of 2021, have launched a new and enhanced version of the malware. Researchers from the French cybersecurity company Sekoia have reported discovering live servers hosting Raccoon Stealer files earlier this month while looking for indications of the malware. The malware's creators had been selling the new version via their Telegram channel since at least May 17. According to Sekoia, the creators completely rewrote both the malware and its administrative interface. The effectiveness and performance of the stealer appear to have been their main goals. The new Raccoon Stealer is fundamentally still a traditional information stealer, with a stronger emphasis on cryptocurrency wallets. It was made to steal information from most modern browsers, including passwords, cookies, credit card data, and autofill forms. Electrum, Exodus, MetaMask, and Coinomi are just a few of the desktop cryptocurrency wallets that the malware targets. Sekoia discovered that Raccoon Stealer V2 also included features for exfiltrating files from compromised computers, installing additional software on the systems, taking screenshots, logging keystrokes, and more. In a report summarizing its investigation last week, Sekoia noted that the malware employs almost no defense evasion tactics, such as anti-analysis or obfuscation. However, the researchers warned that those features will likely be added in the near future. This article continues to discuss the new and improved version of the Raccoon Stealer malware.

Dark Reading reports "'Raccoon Stealer' Scurries Back on the Scene After Hiatus"
