Security researchers at cloud security vendor Zscaler have published an analysis of a new variant of the known Raccoon Stealer malware.
Writing in an advisory last Friday, Zscaler said the new version of the malware is written in C, unlike earlier versions, which were primarily written in C++.
Raccoon Stealer 2.0 features a new back-end and front-end, and code to steal credentials and other data more efficiently.
The new version of the credential stealer can also run on 32- and 64-bit systems without any additional dependencies, instead fetching eight legitimate DLLs directly from its C2 servers (rather than relying on the Telegram Bot API).
The C2 is also responsible for the malware's configuration, including the applications to target, the URL hosting the DLLs, and the tokens used for data exfiltration. The servers then receive machine fingerprint data and wait for individual POST requests containing the stolen information.
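The C2 exchange described above (DLLs pulled from the server, then POST requests carrying stolen data back to it) is visible in outbound web or proxy logs. The following hunt is an added example written for this page; it is not Zscaler's detection logic, and the log format, hostnames, IP addresses, DLL names and thresholds are constructed for the illustration rather than taken from the report.

```python
"""Hunt web-proxy logs for a client that downloads several DLLs from one host
and then POSTs back to that same host, the pattern Raccoon Stealer 2.0's C2
traffic is reported to follow.  Example code added for illustration; the log
lines, hosts, DLL names and thresholds below are constructed, not real IOCs."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample log: "timestamp client method url status bytes".
# 198.51.100.10 is an RFC 5737 documentation address, not a real C2.
SAMPLE_LOG = """\
2022-06-30T10:01:02Z 10.0.0.21 GET http://198.51.100.10/libA.dll 200 1510000
2022-06-30T10:01:03Z 10.0.0.21 GET http://198.51.100.10/libB.dll 200 1220000
2022-06-30T10:01:04Z 10.0.0.21 GET http://198.51.100.10/libC.dll 200 440000
2022-06-30T10:01:05Z 10.0.0.21 GET http://198.51.100.10/libD.dll 200 84000
2022-06-30T10:01:09Z 10.0.0.21 POST http://198.51.100.10/ 200 0
2022-06-30T10:01:15Z 10.0.0.21 POST http://198.51.100.10/ 200 0
2022-06-30T10:02:00Z 10.0.0.33 GET http://updates.example.com/setup.dll 200 300000
2022-06-30T10:02:01Z 10.0.0.33 GET http://updates.example.com/index.html 200 2000
2022-06-30T10:03:00Z 10.0.0.44 POST http://mail.example.com/send 200 500
this line is malformed and must be skipped, not crash the hunt
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)


def parse_log(text):
    """Parse the constructed proxy format into event dicts, skipping bad lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate malformed lines rather than abort the whole hunt
        d = m.groupdict()
        parts = urlsplit(d["url"])
        events.append({
            "ts": datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "client": d["client"],
            "method": d["method"],
            "host": parts.netloc.lower(),
            "path": parts.path,
            "status": int(d["status"]),
        })
    return events


def find_dll_fetch_then_post(events, min_dlls=3, window_seconds=600):
    """Return (client, host, dll_paths, first_post_ts) for every client/host
    pair where the client successfully fetched at least min_dlls distinct .dll
    files and then POSTed to the same host within window_seconds of the first
    fetch.  The report says the real sample pulls eight DLLs; min_dlls is kept
    lower so a partial download or truncated log still surfaces."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["client"], e["host"])].append(e)

    hits = []
    for (client, host), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        dlls = {}  # path -> time of first successful fetch
        for e in evs:
            if (e["method"] == "GET" and e["status"] == 200
                    and e["path"].lower().endswith(".dll")):
                dlls.setdefault(e["path"], e["ts"])
        if len(dlls) < min_dlls:
            continue
        first_fetch, last_fetch = min(dlls.values()), max(dlls.values())
        posts = [
            e for e in evs
            if e["method"] == "POST" and e["ts"] >= last_fetch
            and (e["ts"] - first_fetch).total_seconds() <= window_seconds
        ]
        if posts:
            hits.append((client, host, sorted(dlls), posts[0]["ts"].isoformat()))
    return hits


if __name__ == "__main__":
    for client, host, dlls, first_post in find_dll_fetch_then_post(parse_log(SAMPLE_LOG)):
        print(f"{client} pulled {len(dlls)} DLLs from {host}, then POSTed at {first_post}")
```

Only the first client trips the rule: it pulls four DLLs and POSTs to the same host seconds later, while the host serving a single DLL and the ordinary POST to a mail endpoint are ignored. In production the window and the DLL count are the tuning knobs; legitimate installers also fetch DLLs, so the POST-back to the same host is what separates staging from exfiltration here.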
The types of data stolen by Raccoon Stealer 2.0 reportedly include system fingerprinting information, browser passwords, cookies, autofill data and saved credit cards, cryptocurrency wallets, files located on all disks, screenshots and lists of installed applications.
“We have also seen a change in how Raccoon Stealer v2 hides its intentions by using a mechanism where API names are dynamically resolved rather than being loaded statically,” Zscaler wrote.
For context, the Raccoon Stealer operation reportedly shut down in March 2022, following the death of one of its lead developers during Russia's invasion of Ukraine.
The team then wrote on dark web forums saying they would return, according to an analysis from security analysts at Sekoia, with a post on an undisclosed dark web forum suggesting that Raccoon Stealer 2.0 was already under development in May.
“Raccoon Stealer sold as Malware-as-a-Service has become popular over the past few years, and several incidents of this malware have been observed,” reads the Zscaler analysis.
“The authors of this malware are constantly adding new features to this family of malware. This is the second major release of the malware after the first release in 2019. This shows that the malware is likely to evolve and remain a constant threat to organizations.”