Beta Version of Raccoon Stealer 2.0 Malware with Improved Features Is Available for Purchase

Sekoia researchers have discovered a new version of the Raccoon Stealer malware, which is sold on hacker forums and offers advanced password stealing capabilities.

On June 2, the project operator announced that testing of Raccoon Stealer 2.0 has been going on for 2 weeks.

As a reminder, we have also written that Raspberry Robin Malware Has Worm Features and Abuses Windows Installer, and that SVCReady Malware Loader Uses Microsoft Office Documents for Attack.

According to the malware authors, the new version of Raccoon was built from the ground up in C/C++, with a new interface, a new backend, and new data-stealing code. Raccoon Stealer 2.0 steals the following data:

  1. Basic information about system fingerprints;
  2. Browser passwords, cookies, autofill data and saved credit cards;
  3. Crypto wallets and browser extensions;
  4. Separate files located on all drives;
  5. Screenshot;
  6. List of installed applications.

Although the malware authors claim that the exfiltrated data is encrypted, Sekoia did not find an encryption feature in the analyzed sample. The new Raccoon sends each item to its server as soon as it is collected rather than bundling everything into one upload; this increases the risk of discovery (more outbound connections to inspect) but ensures that whatever was collected before the software is exposed and removed from the host has already left it.
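The "send each item as soon as it is collected" behaviour is exactly the trade-off a defender can lean on: one process making a burst of small outbound POSTs to a single destination is a much louder signal than a single upload. The script below is an added illustration written for this article, not code from Sekoia's report or from the malware; the log format (timestamp, source host, process id, method, destination, bytes), the 60-second window, the threshold of four POSTs and all of the sample lines are constructed assumptions, and nothing in it encodes real Raccoon infrastructure or protocol details.

```python
"""Flag endpoints that issue many small outbound POSTs to one destination in a
short window, the traffic shape produced by a stealer that ships each collected
item as soon as it has it.  Added, illustrative example: the log format and
every sample line below are constructed, not taken from any real sample."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed egress-telemetry format: "<iso-ts> <src-host> <pid> <method> <dst> <bytes>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<pid>\d+) (?P<method>[A-Z]+) (?P<dst>\S+) (?P<bytes>\d+)$"
)

# Constructed sample: WS-17 pid 4120 POSTs six times to one host in ~40 s,
# WS-22 POSTs twice five minutes apart, and WS-17 also makes an ordinary GET
# from another process that must not be counted.
SAMPLE_LOG = """\
2022-06-02T10:00:01 WS-17 4120 POST 203.0.113.10 812
2022-06-02T10:00:03 WS-17 4120 POST 203.0.113.10 2409
2022-06-02T10:00:05 WS-17 2210 GET www.example.net 5120
2022-06-02T10:00:09 WS-17 4120 POST 203.0.113.10 1311
2022-06-02T10:00:15 WS-22 3001 POST 198.51.100.7 640
2022-06-02T10:00:21 WS-17 4120 POST 203.0.113.10 77000
2022-06-02T10:00:30 WS-17 4120 POST 203.0.113.10 302
2022-06-02T10:00:41 WS-17 4120 POST 203.0.113.10 1188
2022-06-02T10:05:00 WS-22 3001 POST 198.51.100.7 640
"""


def parse_log(text):
    """Return a list of (ts, src, pid, method, dst, bytes) tuples; lines that
    do not match the expected format are skipped rather than raising."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["src"], int(m["pid"]),
                       m["method"], m["dst"], int(m["bytes"])))
    return events


def find_bursty_posters(events, window=timedelta(seconds=60), min_posts=4):
    """Return {(src, pid, dst): count} for every (host, process, destination)
    that made at least `min_posts` POSTs inside some `window`-long sliding
    window.  Only POSTs are considered; GET traffic is ignored."""
    by_key = defaultdict(list)
    for ts, src, pid, method, dst, _ in events:
        if method == "POST":
            by_key[(src, pid, dst)].append(ts)

    hits = {}
    for key, stamps in by_key.items():
        stamps.sort()
        start = 0          # left edge of the sliding window
        best = 0           # largest number of POSTs seen in any one window
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_posts:
            hits[key] = best
    return hits


if __name__ == "__main__":
    for (src, pid, dst), n in find_bursty_posters(parse_log(SAMPLE_LOG)).items():
        print(f"{src} pid {pid}: {n} POSTs to {dst} within 60 s")
```

The threshold and window are deliberately loose so the example stays readable; in production you would tune them against baseline traffic, key on the process image rather than a bare PID, and enrich a hit with the destination's reputation before raising an alert.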

Raccoon Stealer 2.0 malware is currently only available to a limited number of hackers (most likely previous clients). The software costs $275 per month or $125 per week.

"We anticipate a resurgence of Raccoon Stealer v2 as the developers implemented a version tailored to the needs of cybercriminals (efficiency, performance, theft capabilities, etc.) and scaled their servers to handle heavy workloads," Sekoia said in the report.

Previously, the developers of the RIG Exploit Kit replaced the outdated Raccoon Stealer Trojan in early 2022, as its lead developer was killed during the Russian attack on Ukraine.

"RIG Exploit Kit is known to be used in conjunction with stealers such as RedLine. The campaign tracked by Bitdefender took an unexpected turn in February when Raccoon Stealer came to a temporary halt as one of the lead developers was killed in the Russian invasion of Ukraine. Despite the stealer no longer being operational, threat actors operating this RIG campaign have rapidly adapted by replacing Raccoon malware with Dridex to make the most of the ongoing campaign," Bitdefender experts wrote.

About William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a small anti-malware vendor.