Raccoon Stealer

Malware updated 15 hours ago (2024-10-17T13:01:00.241Z)
Raccoon Stealer is a malware-as-a-service (MaaS) operation that emerged in 2019. Built by Russian-speaking developers and written in C++, it is designed to steal victims' sensitive data such as credit card information, email credentials, and cryptocurrency wallets. The malware was initially advertised exclusively on Russian-speaking hacking forums; its infrastructure was hosted on a Tor site, and updates about new builds were announced through a dedicated Telegram channel. The malware gained notoriety for its use of customer credentials exposed in previous breaches, in combination with several other infostealer variants including Vidar, RisePro, RedLine, Lumma, and MetaStealer. The future of Raccoon Stealer became uncertain after Dutch police arrested Ukrainian national Mark Sokolovsky on U.S. federal charges relating to his role in the operation. Authorities dismantled Raccoon Stealer's infrastructure at the time of his arrest in a joint Dutch-Italian police operation, disrupting the theft of personal data, including login credentials, financial information, and session cookies, from dozens of applications on victims' computers. Despite this setback, Raccoon Stealer resurfaced with an updated version of the malware after Sokolovsky's arrest. Operations were, however, later suspended due to the war in Ukraine, leaving the malware's future activity uncertain. Despite these disruptions, the malware continues to pose a significant threat to users' data, underscoring the need for robust defensive measures.
Description last updated: 2024-10-17T12:38:15.467Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Raccoon (votes: 5)
Raccoon is a possible alias for Raccoon Stealer. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance: Malware, Ransomware, Credentials, Discord, Trojan, Cybercrime, MaaS
Associated Malware
Malware: LockBit (association type: Unspecified; votes: 2)
The Lockbit Malware is associated with Raccoon Stealer. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat
Malware: RedLine (association type: Unspecified; votes: 2)
The Redline Malware is associated with Raccoon Stealer. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, RedLine can steal personal information, disrupt operations, or deliver further
Malware: RedLine Stealer (association type: Unspecified; votes: 2)
The Redline Stealer Malware is associated with Raccoon Stealer. RedLine Stealer is a type of malware, or malicious software, that infiltrates computer systems with the intent to exploit and cause damage. It typically gains access through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside the system, it can steal personal i
Malware: Vidar (association type: Unspecified; votes: 2)
The Vidar Malware is associated with Raccoon Stealer. Vidar is a malicious software (malware) that operates as an infostealer, primarily targeting Windows-based systems. It's written in C++ and is based on the Arkei stealer. Vidar is part of a broader landscape of malware threats such as Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo,
Source Document References
Information about the Raccoon Stealer Malware was read from the documents corpus below. This display is limited to 20 results.
Source (created)
Securityaffairs (9 days ago)
BankInfoSecurity (10 days ago)
BankInfoSecurity (4 months ago)
BankInfoSecurity (a year ago)
BankInfoSecurity (8 months ago)
Securityaffairs (8 months ago)
Unit42 (a year ago)
Checkpoint (2 years ago)
InfoSecurity-magazine (9 months ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
Bitdefender (2 years ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (9 months ago)
CERT-EU (a year ago)
CERT-EU (10 months ago)
CERT-EU (a year ago)