Personal Data Under Attack: Raccoon Stealer Is Back!

The Raccoon Stealer trojan is on the prowl! It steals confidential information, including login and credit card details. More details in the blog!

Aug 12, 2022 - 3 min.

Raccoons are brilliant animals active during the twilight hours and at night and eat almost everything they find. Despite this, they pose no threat to us humans – unlike the Raccoon Stealer malware that takes its name from these furry friends.

Raccoon Stealer is a malware that operates as a trojan horse – one that is usually distributed by spam emails or concealed within dubious downloads of cracked software, illegal license codes for Office software and games or fake patches for popular games. 

Our advice right off the bat is to steer clear of suspicious websites and to pay for genuine software. Otherwise, you run the risk of unwittingly downloading a dangerous trojan such as Raccoon Stealer and possibly having to cough up far greater sums of money.

What makes Raccoon Stealer so dangerous?

Raccoon Stealer has been wreaking havoc in cyberspace since 2019. It can access the web browsers of infected systems and extract important personal data ranging from simple contact details and information about the computer configuration used all the way to login data for online shops or banking data and credit card numbers. 

Raccoon Stealer 2.0 now also targets crypto wallets

However, Raccoon Stealer soon announced that it was back and more powerful than ever before. It can now steal personal data stored in browsers and assets held in cryptocurrencies. Its methods for doing this include accessing the browser extensions with which users manage their crypto wallets. By deploying Clipper malware, Raccoon Stealer can read out and modify the data used in cryptocurrency transactions, for example. Raccoon Stealer also has the ability to manipulate files on its victims' systems and can even take screenshots of the systems it attacks – for example, to acquire the verification codes for credit card numbers or to gather compromising material for online extortion purposes. 

A new feature of the latest Raccoon version is that it uses channels of the Telegram instant-messenger service to communicate with the command and control servers operated by cybercriminals. These ‘C&C’ servers allow the hackers to send commands to the malware to execute program code or to initiate other actions.

At a glance: Raccoon Stealer can extract the following information from infected systems

  • Passwords and login data 
  • Browser cookies
  • The autofill data stored in browsers to enable automatic logins to user accounts
  • Information from crypto wallets
  • Information from emails and social media platforms such as Facebook and Instagram
  • Business and/or private online contacts 
  • System information about the hardware and software used
  • IP addresses and geographical location information

Consequently, the Raccoon malware offers cybercriminals numerous ways to use the stolen data to cause enormous damage – including utilising stolen user contacts to infiltrate other systems. 

A flourishing trade in Raccoon Stealer among cybercriminals makes the trojan even more dangerous

It is not only the developers themselves who use Raccoon Stealer to pilfer online data from the victims of their attacks. They also ‘lease’ their trojan software to other criminals on hacker forums at a cost of £65 monthly or £165 annually – an absolute steal given the potential spoils that the new version of Raccoon Stealer promises. This is causing the insidious malware to spread rapidly worldwide. 

Raccoon Stealer is incredibly convenient for its users because it is distributed exclusively by the developers. They even provide subscribers with an administration board from which they can download any information gathered by Raccoon Stealer. 

Many of these 'subscribers’ use Raccoon Stealer to circulate other types of malicious software – such as harmful browser add-ons or the highly dangerous ransomware Djvu, which encrypts the data on infected systems and instructs the victim to request a decryption tool in return for a ransom payment.

Raccoon Stealer targets companies and organisations as well as private individuals

Raccoon Stealer targets companies and private individuals in equal measure. Good antivirus and anti-spyware programs can usually detect and repel attacks by Raccoon Stealer malware. 

Nevertheless, extreme vigilance is required because this raccoon finds its way into computers from the above-mentioned suspicious sources of illegal or counterfeit software and spam emails containing malicious file attachments. One wrong and ill-considered click can prove fatal. 

Another method of sneaking Raccoon Stealer into computers is social engineering – where cybercriminals attempt to persuade a user that an email or a phone call is from a trustworthy individual who is known to that user. Those who are tricked into disclosing sensitive information have already fallen into the trap. 

What is the best way to protect yourself against Raccoon Stealer?

Checking emails and their sender carefully to ensure they are genuine before opening any attachments or disclosing confidential information is always recommended.

Dubious and insecure websites are to be avoided at all costs – as are downloads from suspicious sources.

Summary: caution and effective antivirus software are your best protection against marauding cyber-raccoons!


Download now