Security industry experts from on the net system Zscaler have published an analysis of the new variant of the acknowledged Raccoon Stealer malware.
Creating in an advisory last Friday, Zscaler said the new version of the malware is published in C, contrary to past variations which have been predominantly prepared in C++.
Raccoon Stealer 2. options a new again-close and front-end, and code to steal qualifications and other data additional competently.
The novel variation of the credential stealer can also perform on 32 and 64-little bit programs without having the will need for any extra dependencies, in its place fetching eight reputable DLLs right from its C2 servers (in its place of relying on Telegram Bot API).
The C2 is also dependable for the malware’s configuration, such as apps to focus on, URL hosting the DLLs, and tokens for facts exfiltration. The servers then acquire equipment fingerprint details and hold out for personal Publish requests containing stolen facts.
The sorts of information stolen by Raccoon Stealer 2. reportedly include things like process fingerprinting data, browser passwords, cookies, autofill details and saved credit history playing cards, cryptocurrency wallets, documents located on all disks, screenshots and installed application lists.
“We have also witnessed a change in how Raccoon Stealer v2 hides its intentions by making use of a mechanism exactly where API names are dynamically solved somewhat than being loaded statically,” Zscaler wrote.
For context, the Raccoon Stealer operation reportedly shut down in March 2022, following the demise of a person of the direct builders for the duration of Russia’s invasion of Ukraine.
The staff then wrote on dark web community forums indicating they would return, in accordance to an assessment from security analysts at Sekoia, with a website submit on an undisclosed dark web discussion board suggesting the Raccoon Stealer 2. was previously under advancement in Might.
“Raccoon Stealer offered as Malware-as-a-Assistance has become preferred about the earlier several a long time, and various incidents of this malware have been noticed,” reads the Zscaler analysis.
“The Authors of this malware are continually incorporating new options to this spouse and children of malware. This is the 2nd key release of the malware following the 1st release in 2019. This displays that the malware is very likely to evolve and remain a continuous risk to companies.”
Some components of this short article are sourced from: