Raccoon Stealer: An example of subscription malware

Malware as a Service is a new trend among cybercriminals, and Raccoon Stealer is an example that has become quite popular.

A new type of trojan is rapidly gaining acceptance among cybercriminals for its ability to steal sensitive information such as credit card data, cryptocurrency wallets and access credentials for email services. It is called Raccoon Stealer; it first appeared in April 2019 and has since infected hundreds of thousands of Windows devices around the world.

As the analysis company Cybereason explains, the malware is probably of Russian origin. It is mostly delivered through phishing attacks, exploits vulnerabilities present on the target machine, both in the system and in its software, leverages social engineering, and also abuses legitimate software downloaded from dubious websites.

After installation, the malware communicates with a Command and Control server, to which it sends the data it can access: screenshots, credit card information, cryptocurrency wallets, browser passwords, emails and system details from the victim's PC. It does so only if the device language is not Russian, Ukrainian, Belarusian, Kazakh, Armenian, Tajik or Uzbek.

If the language matches one of these, Raccoon immediately deactivates, which gives researchers reasonable evidence that the threat actors are likely to be Russian.

So far there would be nothing new, except that Raccoon is offered as a true Malware as a Service (MaaS), heavily promoted on underground web forums. The promotions advertise 24/7 support through the user "glad0ff", who has previously been connected to a series of other malware, including the Decrux and Acrux cryptominers, the Mimosa RAT and the ProtonBot loader. Raccoon is available by subscription for $200 a month.

The popularity of Raccoon, despite its limited set of features, is a symptom of a growing trend in the world of malware: an important paradigm shift in which the authors of malicious software no longer commit crimes and cyber attacks directly, but instead profit from marketing software and malware platforms.
