Sekoia researchers have discovered a new version of the Raccoon Stealer malware, which is sold on hacker forums and offers advanced password stealing capabilities.
On June 2, the project operator announced that testing of Raccoon Stealer 2.0 had been under way for two weeks.
According to the malware authors, the new version of Raccoon was built from the ground up in C/C++, with a new interface, a new back end, and new data-stealing code. Raccoon Stealer 2.0 steals the following data:
- Basic system fingerprinting information;
- Browser passwords, cookies, autofill data and saved credit cards;
- Crypto wallets and browser extensions;
- Individual files located on all drives;
- List of installed applications.
Although the malware authors claim that the exfiltrated data is encrypted, Sekoia did not detect any encryption feature in the analyzed sample. The new Raccoon sends data after each item is collected, which increases the risk of detection but maximizes efficiency until the malware is discovered and removed from the host.
Raccoon Stealer 2.0 is currently available only to a limited number of hackers (most likely previous clients). The software costs $275 per month or $125 per week.
Previously, in early 2022, the developers of the RIG Exploit Kit replaced the outdated Raccoon Stealer Trojan, as its lead developer was killed during the Russian attack on Ukraine.