Raccoon Stealer

Malware updated 22 days ago (2024-11-29T14:01:33.367Z)

Download STIX

Preview STIX

Raccoon Stealer, a malware-as-a-service (MaaS) operation, emerged in 2019, designed by Russian-speaking developers to steal victims' sensitive data such as credit card information, email credentials, and cryptocurrency wallets. The malware was initially promoted exclusively on Russian-speaking hacking forums and was written in C++. Its infrastructure was hosted on a Tor site, and updates about new builds were shared via a dedicated Telegram channel. The malware gained notoriety for its use of exposed customer credentials from previous hacks, employing several infostealer malware variants including idar, Risepro, Redline, Lumma, and Metastealer. The future of Raccoon Stealer became uncertain following the arrest of Ukrainian national Mark Sokolovsky by Dutch police, under U.S. federal allegations related to his role in the malware operation. Authorities dismantled the Raccoon Stealer's infrastructure upon Sokolovsky's arrest in a joint Dutch-Italian police operation. This move disrupted the stealing of personal data from victims' computers, including login credentials, financial information, and session cookies, from dozens of applications. Despite the initial setback, Raccoon Stealer made a comeback with an updated version of the malware, resurfacing after Sokolovsky's arrest. However, operations were later suspended due to the war in Ukraine, causing uncertainty about the malware's future activities. Despite these challenges, the malware continues to pose a significant threat to users' data security, emphasizing the need for robust cybersecurity measures.

Description last updated: 2024-10-17T12:38:15.467Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Raccoon is a possible alias for Raccoon Stealer. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $	5

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Ransomware

Credentials

Discord

Trojan

Cybercrime

Maas

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Lockbit Malware is associated with Raccoon Stealer. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or	Unspecified	2
The Redline Malware is associated with Raccoon Stealer. RedLine is a type of malware, or malicious software, designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for	Unspecified	2
The Redline Stealer Malware is associated with Raccoon Stealer. The RedLine Stealer is a formidable malware that specializes in stealthily stealing credentials and sensitive information. First documented in 2020, it has since evolved to use the Windows Communication Foundation (WCF) framework and later a REST API for network communication. This malware infects s	Unspecified	2
The Vidar Malware is associated with Raccoon Stealer. Vidar is a malicious software (malware) that primarily targets Windows systems, written in C++ and based on the Arkei stealer. It has historically been favored by threat actors who sell logs through marketplaces like 2easy, alongside other infostealers such as Raccoon, RedLine, and AZORult. The malw	Unspecified	2

Source Document References

Information about the Raccoon Stealer Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	8 hours ago	Raccoon Infostealer operator sentenced to 60 months in prison
Securityaffairs	2 months ago	Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer
BankInfoSecurity	2 months ago	Ukrainian Pleads Guilty for Role in Raccoon Stealer Malware
BankInfoSecurity	6 months ago	Snowflake Hacking Spree Puts At Risk 165 Organizations
BankInfoSecurity	a year ago	Breach Roundup: Raccoon Stealer Makes a Comeback
BankInfoSecurity	10 months ago	Ukrainian Behind Raccoon Stealer Operations Extradited to US
Securityaffairs	10 months ago	A Ukrainian Raccoon Infostealer operator is awaiting trial in the US
Unit42	a year ago	Ransomware Delivery URLs: Top Campaigns and Trends
Checkpoint	2 years ago	2nd January – Threat Intelligence Report – Check Point Research
InfoSecurity-magazine	a year ago	Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over
CERT-EU	a year ago	Raccoon Stealer 2.3.0 Malware - A Stealthier Comeback
CERT-EU	a year ago	Over 100K hackers fall victim to infostealer malware
CERT-EU	a year ago	Data Thieves Test-Drive Unique Certificate Abuse Tactic
Bitdefender	2 years ago	RIG Exploit Kit Swaps Dead Raccoon with Dridex
CERT-EU	a year ago	Latest RAT attack surge bypasses Microsoft's XLL block
CERT-EU	a year ago	Updated Raccoon Stealer better evades detection
CERT-EU	a year ago	Raccoon Stealer Returns With Even Stealthier Version
CERT-EU	a year ago	Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
CERT-EU	a year ago	Malware leveraged to create massive proxy botnet
CERT-EU	a year ago	Activity of Rugmi malware loader spikes