BleepingComputer reports that the Raccoon Stealer malware developer group has suspended operations following the death of one of its core developers amid Russia's invasion of Ukraine.
In posts on Russian-speaking cybercrime forums on Friday, the group behind Raccoon Stealer stated that the developer's death during the "special operation" meant the stealer's operations could no longer continue. However, the threat actors confirmed plans to rebuild the lost components and relaunch in the coming months. In the meantime, threat actors are transitioning to the similar Mars Stealer operation, according to security researcher 3xport, who discovered the hacking forum posts. Another post indicated an overwhelming surge of requests to 'MarsTeam' since Raccoon's announcement, with 3xport warning of a coming surge in Mars Stealer campaigns.
Russia's invasion of Ukraine has prompted significant movement among cybercrime actors: a former Maze ransomware operation representative released the master decryption keys for previous victims, and the Conti ransomware group's internal chats and source code were leaked after the group sided with Russia.
Malicious GitHub pages and YouTube videos containing links to purported cracked office software, automated trading bots, and game cheats have been leveraged to deliver self-extracting, password-protected archives.
Threat actors continued to impersonate employers on job search platforms, luring software developers into online interviews that ended in a BeaverTail malware compromise. More recent attacks deployed a new Qt-based version of BeaverTail capable of exfiltrating browser credentials and cryptocurrency wallet data.