Raccoon Stealer is back – how to protect your organization

Raccoon Stealer, a malware-as-a-service offering, gained notoriety a few years ago for its ability to extract data stored in a web browser. That data originally included passwords and cookies; a stolen cookie can sometimes authenticate a recognized device without a password ever being entered. Raccoon Stealer was also designed to steal autofill data, which can include a great deal of personal information, from basic contact details to credit card numbers. As if that were not enough, Raccoon Stealer could also steal cryptocurrency and steal (or delete) files from an infected system.

As bad as Raccoon Stealer was, its developers have recently released a new version that does far more damage than the previous one.

New Raccoon Stealer Abilities

The new version of Raccoon Stealer still has the ability to steal browser passwords, cookies, and autofill data. It also has the ability to steal all the credit card numbers stored in the browser.

Moreover, the latest version of Raccoon Stealer is much more efficient than its predecessor when it comes to stealing cryptocurrencies. Raccoon Stealer can attack not only cryptocurrency wallets, but also many cryptocurrency-related browser plugins.

The Raccoon Stealer developers have also extended the malware’s ability to collect file data. While the previous version was eventually improved to allow individual files to be stolen, the latest version can steal files regardless of the drive they are on. In addition, the new version of Raccoon Stealer can collect a list of applications installed on the computer, which can help an attacker find out what types of data files might exist and should be stolen.

Perhaps most disturbing is that Raccoon Stealer is capable of taking screenshots of an infected system. Screenshots can be used for countless nefarious purposes. For example, an attacker could watch someone enter payment information for a purchase and capture the payment screen, thereby obtaining not only the credit card number but all the additional details needed to use the card (such as the card security code and the cardholder's name and address). Of course, the screenshot feature can be used to steal any type of sensitive data, and an attacker who captures such a screenshot can use it as the basis for a cyber extortion scheme.

Defending against this latest version of Raccoon Stealer largely comes down to adhering to long-established security best practices. For example, you should never click on a link or open an attachment in a message unless you know the sender. Even if you know the sender, it is important to take the time to verify the message before clicking on links or opening attachments. After all, attackers often spoof message headers so that a malicious message appears to have been sent by someone you know. End user education is vital to your organization, so be sure to educate your employees about the do's and don'ts of online security.

It is also extremely important to keep your operating system and applications up to date with the latest security patches. Similarly, you should avoid running outdated applications that are no longer maintained. This is especially true for browsers, since they are Raccoon Stealer's primary target.

You need to make sure that anti-malware protection is installed on all your systems and that this anti-malware protection is constantly updated. Don’t just assume updates are regularly downloaded and installed – take the time to periodically check when the most recent malware signature has been added.

Finally, embrace the idea that no system is 100% secure against malware. In the case of Raccoon Stealer, for example, one wrong click is enough to infect the system. Even an experienced IT security professional can potentially become a victim if they momentarily get distracted and accidentally click on something they shouldn’t. If this happens, we hope that the anti-malware software will prevent the system from getting infected, but the possibility of infection still exists.

The problem is that, unlike ransomware, which displays a banner with a notification on the screen of an infected system, Raccoon Stealer tends to be invisible. You may not immediately know that your system has been compromised. An unconventional but effective way to detect such an infection would be to use security tools such as Specops Password Policy.

Specops maintains a database of billions of credentials known to be compromised and can alert users whose passwords appear in this database. Since Raccoon Stealer specifically targets cached passwords, it is likely that passwords stolen during an infection will soon appear on the dark web and be added to the Specops database.

This means that even if your antivirus software does not detect a Raccoon Stealer infection, the sudden discovery that your passwords have been compromised is a clear signal that a security incident has occurred.
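The detection idea above, as an added example that is not code from the article or from Specops: passwords are checked against a compromised-credential corpus using a hash-prefix (k-anonymity style) lookup, and a sudden cluster of accounts that newly match is treated as an incident signal rather than as isolated password reuse. The corpus, the account names and the daily scan results are constructed here for illustration, and the 5% burst threshold is an assumed tuning value.

```python
import hashlib

# Constructed stand-in for a breached-password database (hypothetical values).
COMPROMISED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("Summer2023!", "Passw0rd", "Welcome1")
}

def range_query(prefix: str) -> set[str]:
    """Return hash suffixes whose first 5 hex chars match the prefix.
    Mimics a k-anonymity range query: the caller never reveals the full
    hash of the password being checked, only a short prefix."""
    return {h[5:] for h in COMPROMISED_SHA1 if h.startswith(prefix)}

def is_compromised(password: str) -> bool:
    """True if the password's SHA-1 appears in the compromised corpus."""
    h = hashlib.sha1(password.encode()).hexdigest().upper()
    return h[5:] in range_query(h[:5])

def newly_compromised(today: dict, yesterday: dict) -> list:
    """Accounts flagged today that were not flagged in the previous scan."""
    return sorted(u for u, bad in today.items() if bad and not yesterday.get(u, False))

def burst_detected(new_hits: list, total_accounts: int, threshold: float = 0.05) -> bool:
    """A cluster of new matches across many accounts at once points to a
    credential-stealing incident rather than individual password reuse.
    The 5% threshold is an assumption; tune it to your directory size."""
    return total_accounts > 0 and len(new_hits) / total_accounts >= threshold

# Constructed daily scan results (account -> matched the corpus?).
SCAN_DAY1 = {u: (u == "carol") for u in
             ("alice", "bob", "carol", "dave", "erin", "frank",
              "grace", "heidi", "ivan", "judy")}
SCAN_DAY2 = dict(SCAN_DAY1, alice=True, bob=True, dave=True, erin=True)

def daily_check() -> tuple:
    """Run the day-over-day comparison and return (new_hits, burst_flag)."""
    hits = newly_compromised(SCAN_DAY2, SCAN_DAY1)
    return hits, burst_detected(hits, len(SCAN_DAY2))

if __name__ == "__main__":
    hits, burst = daily_check()
    print("newly compromised:", hits, "| incident signal:", burst)
```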

Test Specops password policy tools in Active Directory for free.
