Raccoon malware is unsophisticated, yet it is praised by most of the dark web community. It is simple by design, sold on the dark web at low prices, and bought by several actors for first-hand access to the victim’s system. It is so popular that hundreds of thousands of systems have been infected with Raccoon malware, and cybercriminals actively buy it.
Raccoon malware first became popular on Russian forums and then made its way onto English forums, where it is actively sold for $75/week or $200/month. The purchase gives buyers access to an administrative dashboard where they can retrieve the stolen data, download builds of the malware, and even customize it to form their own malware. That is how malware like Legion, Mohazo, and Racealer came about.
Price < Service
It has gained traction because of what it offers. For less than $100, it allows cybercriminal customers to collect information from over 60 software applications! These apps include:
- Browsers – popular names such as Google Chrome, Mozilla Firefox, Microsoft Edge, Internet Explorer, Opera, Vivaldi, UC Browser, etc. It can extract autofill data, cookies, and browsing history.
- Cryptocurrency wallets – it can steal keys and other cryptocurrency-related information from popular wallet services like Electrum, Ethereum, Exodus, Jaxx, and Monero.
- Email clients – it steals data from several email clients such as Thunderbird, Outlook, and Foxmail.
Aside from these, it also collects data on system specifications and configurations, packs it into another file, and exports all the data into a text file for exfiltration. On top of all this, the malware can even be configured to act as a door for dropping other malware later.
Like other malware, Raccoon infects systems through common methods such as phishing attacks, exploit kits, or PUAs (potentially unwanted apps) downloaded by the user. It has been very popular in underground forums and has many positive reviews from the community.