Raccoon Stealer has reemerged with an updated malware version just three months after the operation shut down following the death of one of its lead developers amid the Russian invasion of Ukraine, reports BleepingComputer.
Hacking forums have been promoting Raccoon Stealer 2.0, a version rewritten from the ground up in C/C++ with a new front end, back end, and credential- and data-theft code, according to a report from Sekoia. The new Raccoon Stealer can compromise both 32- and 64-bit systems without bundled dependencies, instead retrieving the legitimate DLLs it needs from its command-and-control servers. Beyond stealing basic system fingerprinting data and browser-stored information, the updated Raccoon Stealer can also exfiltrate cryptocurrency wallets and web browser extensions, individual files, and lists of installed applications, as well as capture screenshots.
"We expect a resurgence of Raccoon Stealer v2, as developers implemented a version tailored to the needs of cybercriminals (efficiency, performance, stealing capabilities, etc.) and scaled their backbone servers to handle large loads," said researchers.