
Raccoon Stealer is Back with a New Version

On June 10, analysts from SEKOIA.IO discovered new activity on servers hosting the malware.


Bitdefender researchers recently observed the RIG exploit kit replacing Raccoon Stealer with the Dridex banking trojan as part of a campaign that began in January. The change in payload followed Raccoon Stealer briefly closing its doors in February.

According to a more recent assessment, however, Raccoon Stealer is showing signs of life and is poised to make a significant comeback in the information stealer market. Raccoon Stealer's operations were abruptly halted on March 25, 2022, after the malware had been sold on underground forums under the Malware-as-a-Service (MaaS) model since early 2019.

The operators attributed the shutdown to the reported death of one of the developers in the Russia-Ukraine war. At the time, the malware's profile on various forums stated that the service was temporarily unavailable and being upgraded.

What is the most recent update? 

SEKOIA.IO analysts identified new activity on servers hosting the malware on June 10. While searching the Shodan search engine for the stealer's management panels, they found multiple operational servers serving a web page titled Raccoon Stealer 2.0.
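The hunting technique above (finding panels by the HTML title of the page they serve) can be reproduced in two steps: build the Shodan filter for that title, and fingerprint HTTP responses you have already collected yourself (banner scans, proxy logs, pcap extracts) by extracting their `<title>`. The script below is an added example, not SEKOIA.IO's tooling; the sample responses and the 203.0.113.0/24 hosts are constructed for illustration, and the only panel indicator it relies on is the page title reported on this page.

```python
"""Hunt for Raccoon Stealer 2.0 panels by HTTP <title>.

Added example (not SEKOIA.IO's code). Two parts:
1. build the Shodan search filter for the panel title;
2. fingerprint raw HTTP responses offline by extracting the HTML <title>.
The SAMPLES below are constructed, not real captures.
"""
import re
from typing import Dict, List, Optional

# The page title reported for the operational panels.
PANEL_TITLE = "Raccoon Stealer 2.0"

_TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.IGNORECASE | re.DOTALL)


def shodan_query(title: str = PANEL_TITLE) -> str:
    """Shodan's http.title filter matches the <title> of the root page."""
    return f'http.title:"{title}"'


def extract_title(raw_response: bytes) -> Optional[str]:
    """Return the whitespace-normalised <title> of a raw HTTP response, or None.

    The response is split at the first blank line (end of headers); a
    response with no body, or a body without a <title>, yields None.
    """
    _head, sep, body = raw_response.partition(b"\r\n\r\n")
    if not sep:
        return None
    match = _TITLE_RE.search(body.decode("utf-8", errors="replace"))
    if not match:
        return None
    # Collapse runs of whitespace so "raccoon\n   stealer 2.0" still matches.
    return " ".join(match.group(1).split())


def is_raccoon_panel(raw_response: bytes, title: str = PANEL_TITLE) -> bool:
    """Case-insensitive match of the response's <title> against the panel title."""
    found = extract_title(raw_response)
    return found is not None and found.casefold() == title.casefold()


def find_panels(responses: Dict[str, bytes]) -> List[str]:
    """Return the hosts (sorted) whose root page carries the panel title."""
    return sorted(host for host, raw in responses.items() if is_raccoon_panel(raw))


# Constructed sample responses keyed by host:port (TEST-NET-3 addresses).
SAMPLES: Dict[str, bytes] = {
    "203.0.113.10:80": (
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        b"<html><head><title>Raccoon Stealer 2.0</title></head>"
        b"<body>login</body></html>"
    ),
    # Different casing and stray whitespace in the title tag.
    "203.0.113.11:8080": (
        b"HTTP/1.1 200 OK\r\n\r\n"
        b"<html><head><TITLE>\n  raccoon   stealer 2.0 </TITLE></head></html>"
    ),
    # Benign default page: must not match.
    "203.0.113.12:80": (
        b"HTTP/1.1 200 OK\r\n\r\n"
        b"<html><head><title>Welcome to nginx!</title></head></html>"
    ),
    # Redirect with no body: must not match and must not crash.
    "203.0.113.13:80": b"HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
}


if __name__ == "__main__":
    print("Shodan filter:", shodan_query())
    for host in find_panels(SAMPLES):
        print("candidate panel:", host)
```

A title match is only a lead, not a conviction: operators can rename the page at any time, and anyone can host an HTML page with that title, so each candidate still needs manual verification (login form, resource paths, TLS certificate, hosting provider) before it goes into a blocklist or a report.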

The new version is believed to have been on sale via Telegram since May 17. On further investigation, researchers found a malware family tracked as RecordBreaker that turned out to be the same thing as Raccoon Stealer v2.

The malware is already spreading in the wild. Raccoon Stealer v2 is written in C/C++ and uses the Windows API directly. Rather than bundling everything in its own binary, it downloads legitimate third-party DLLs from its C2 servers at runtime. The new version retains most of the previous version's capabilities.

These include, among other things, gathering browser and system information, taking screenshots, collecting files from local drives and removable media, and harvesting cryptocurrency wallet data.

The reappearance of well-known malware such as Raccoon Stealer is nothing new in the threat landscape.

Despite setbacks, numerous threat groups and malware families, including Conti and REvil, have previously made strong returns and continue to cause havoc around the world. Organisations should therefore keep track of the tactics and techniques used by information stealer operators in order to defend against these attacks.