Security researchers discovered the Raccoon malware family is capable of stealing information from approximately 60 applications.

CyberArk found that Raccoon malware used the same procedure to target each application. It began by obtaining the app file that contains a user’s sensitive information. The threat then copied the file to its working folder before performing specific routines to extract and decrypt the data.

For instance, in the case of 29 Chromium-based browsers, Raccoon used sqlite3.dll to perform SQL queries against the SQLite databases housed within the “User Data” app folder. This behavior enabled the malware to obtain credit card information, browsing history, cookies and auto-login passwords.

After obtaining the data it wanted, Raccoon wrote a text file with the stolen information to its working folder. Next, it gathered all such text files into a single .zip file called “Log.zip.” The malware finished up by sending this file back to its command-and-control (C&C) server.

At the time of CyberArk’s writing, digital attackers could purchase access to Raccoon’s malware-as-a-service (MaaS) offering on the dark web for $75/week or $200/month.

Raccoon Malware’s Reception Among Digital Criminals

Raccoon has received positive feedback on underground web marketplaces. According to Cybereason, many threat actors endorsed the capabilities of the MaaS family. Some even went on to name it as a worthy replacement for the AZORult stealer. Such endorsements no doubt contributed to spikes in activity involving Raccoon malware, as observed by Recorded Future in April 2019.

That being said, Cybereason found that some advanced digital criminals rejected the malware for its lack of sophistication, features and innovation.

Defend Against MaaS Offerings With Smart Threat Detection

Security professionals need to be wary of the rise of MaaS families like Raccoon. The malware-as-a-service industry enables all types of digital criminals — even those without technical skills — to gain access to sophisticated malicious programs and make a profit from them. This model supports ongoing innovation in terms of malware capabilities, thereby further threatening the users and data that infosec personnel defend.

That being said, security professionals can help protect their organizations against threats like Raccoon malware by using artificial intelligence (AI) and machine learning to detect malicious activity, including evasive measures and attempts at exfiltrating data from the organization. They should also consider investing in a unified endpoint management (UEM) solution to gain visibility into any anomalous endpoint behavior.

More from

Cloud Workload Protection Platforms: An Essential Shield

2 min read - Businesses of all sizes increasingly rely on cloud computing to power their operations. This shift has brought with it a new set of security challenges. To protect their workloads in the cloud, many of these businesses are deploying a critical tool for cloud security: cloud workload protection platforms (CWPPs).What are Cloud Workload Protection Platforms?CWPPs are comprehensive security solutions designed specifically for cloud-based environments. They provide advanced protection and threat detection capabilities to safeguard cloud workloads and guarantee the confidentiality, integrity…

2 min read

Is Open-Source Security a Ticking Cyber Time Bomb?

4 min read - Software depends on layers of code, and much of that code comes from open-source libraries. According to an Octoverse 2022 report, open-source code is used in 97% of applications. Not only do developers embrace open source, but so do nine in 10 companies. “Open-source software is the foundation of 99% of the world’s software,” Martin Woodward, VP of developer relations at GitHub, told VentureBeat.As the foundation of just about every piece of software, every application or device runs on code that…

4 min read

Threat Sharing Evolution: How Groups Offer Less Risk and Better Intelligence to Members

16 min read - Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. In 2019, the World Economic Forum advocated for increased threat intelligence sharing by arguing that cybersecurity is a “public good.” Meaning, if organizations — both public and private — share threat information across groups, everyone has a clearer picture of the threat landscape and with it, the ability to better defend against increasingly aggressive and sophisticated threat actors. In response, multiple threat-sharing groups have sprung to life,…

16 min read

How to Manage Cyber Risk During Mergers and Acquisitions

4 min read - By attracting attention from threat actors, merger and acquisition (M&A) events are a significant source of cyber crime risk. So much so that, according to a 2020 IBM Institute of Business Value study, more than one in three executives said they experienced data breaches that can be attributed to M&A activity during integration.Security ratings, provided by security rating services (SRS), can deliver an overview of risk to stakeholders. But attack surface management (ASM) tools give security teams actionable insight on…

4 min read