In pirated software, a improvised version of the Raccoon Stealer has been discovered. The attackers appear to have added additional cryptocurrency-harvesting tools to their arsenal.
Raccoon Stealer has gotten major updates, according to research conducted by Sophos Labs.
The platform currently offers ready-to-use services for stealing passwords or authentication cookies stored inside web browsers, with the majority of its customers being novice or want tobe hackers.
Instead of using traditional email-based attacks, it now uses Google SEO capabilities to advertise their phoney cracked software website.
Software piracy tools, programs to crack licensed software for illicit use or keygen programs, are being used as bait to develop registration keys for various software.
Raccoon’s infrastructure revealed 60 subdomains under the domain xsph[.]ru, 21 of which were active. They were registered with SprintHost[.]ru, a Russian hosting company.
The Raccoon campaign was successful in spreading other malware, stealing cookies and credentials, and unlawfully selling them to steal $13,200 in cryptocurrency.
Cryptominers, clippers, malicious browser extensions, YouTube click-fraud bots, and Djvu/Stop ransomware are among the additional malware delivered to victims after infection.
The malware that was deployed appears to be part of the droppers-as-a-service used by some of the Racoon Stealer’s affiliates, and may not be directly linked to the Racoon Stealer’s operators.
Packaging cracked software that is used for malicious purposes is not a new thing. Furthermore, the new Raccoon Stealer update shows that the cyber threat landscape is already becoming commercialised. Malicious tools and services have become more accessible than ever before, resulting in a significant increase in cybercrime around the world.