Raccoon Stealer

Malware updated a month ago (2024-10-17T13:01:00.241Z)
Raccoon Stealer is a malware-as-a-service (MaaS) operation that emerged in 2019. Built by Russian-speaking developers and written in C++, it is designed to steal victims' sensitive data, including credit card information, email credentials, and cryptocurrency wallets. The malware was initially advertised only on Russian-speaking hacking forums; its infrastructure was hosted on a Tor site, and news of new builds was shared through a dedicated Telegram channel. It gained notoriety for its use of customer credentials exposed in earlier breaches, employing several infostealer malware variants including Vidar, RisePro, RedLine, Lumma, and MetaStealer. Its future became uncertain after Dutch police arrested Ukrainian national Mark Sokolovsky on U.S. federal allegations concerning his role in the operation. Authorities dismantled Raccoon Stealer's infrastructure upon Sokolovsky's arrest, in a joint Dutch-Italian police operation, disrupting the theft of login credentials, financial information, and session cookies from dozens of applications on victims' computers. Despite this setback, Raccoon Stealer returned with an updated version of the malware after Sokolovsky's arrest. Operations were later suspended because of the war in Ukraine, leaving the malware's future activity uncertain. It nevertheless remains a significant threat to users' data, underscoring the need for robust defensive measures.
Description last updated: 2024-10-17T12:38:15.467Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following are possible overlapping names and profiles that may also be relevant.
Alias / Description / Votes
Raccoon is a possible alias for Raccoon Stealer. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $
Votes: 5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ransomware
Credentials
Discord
Trojan
Cybercrime
Maas
Associated Malware
Alias / Description / Association Type / Votes
The LockBit malware is associated with Raccoon Stealer. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit
Association type: Unspecified. Votes: 2
The RedLine malware is associated with Raccoon Stealer. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actor
Association type: Unspecified. Votes: 2
The RedLine Stealer malware is associated with Raccoon Stealer. The RedLine Stealer is a formidable malware that specializes in stealthily stealing credentials and sensitive information. First documented in 2020, it has since evolved to use the Windows Communication Foundation (WCF) framework and later a REST API for network communication. This malware infects s
Association type: Unspecified. Votes: 2
The Vidar malware is associated with Raccoon Stealer. Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malw
Association type: Unspecified. Votes: 2
Source Document References
Information about the Raccoon Stealer malware was drawn from the documents listed below (display limited to 20 results).
Source / Created
Securityaffairs
a month ago
BankInfoSecurity
a month ago
BankInfoSecurity
5 months ago
BankInfoSecurity
a year ago
BankInfoSecurity
9 months ago
Securityaffairs
9 months ago
Unit42
a year ago
Checkpoint
2 years ago
InfoSecurity-magazine
10 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Bitdefender
2 years ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago