Raccoon Password Stealer is Back and More Effective than Ever

According to cybersecurity researchers at Sekoia, the worst may still be yet to come.

Raccoon Stealer, one of the most prolific data stealers in digital history, has clawed its way back onto the scene, and this time it’s more effective than ever.

The re-emergence of the malware — best known for stealing personal information like passwords, files, and biometric data — was first spotted by French cybersecurity company Sekoia earlier this week.

According to the firm’s analysis, the authors of Raccoon Stealer have rewritten the code from scratch and added screenshot capturing and keystroke logging to its list of capabilities. With the code expected to be released on criminal marketplaces soon, the full impact of its resurgence is yet to be determined.

Raccoon Stealer Is Back on the Scene 

Also known as Legion, Mohazo, and Racealer, Raccoon Stealer is a ransomware application best known for stealing personal user data. The Ukrainian MaaS group first gained notoriety throughout 2021 for spamming malicious links and infiltrating servers.

After a brief but impactful tirade, its lead developer was killed in Russia’s invasion of Ukraine, forcing the cyber gang to cease operations. Yet, with security analysts at Sekoia noticing the malware on hacker forums earlier this month, it appears the group’s hiatus was a brief one.

According to Sekoia’s recent report, the authors of the malware have since improved the trojans efficiency, performance, and stealing capabilities and have been selling it on Telegram since May 17th of this year.

However, the data stealer is still in its workshop phase and is currently only available to a small pool of cyber criminals.

What is Raccoon Stealer 2.0 Capable of?

Just like its predecessor, Raccoon Stealer 2.0 is capable of stealing a slew of personal information including passwords, browser cookies, crypto wallet details, geo-location, and autofill data from its victims.

However, thanks to advancements in its code, cybercriminals can also use the malware to access fingerprint information, keystrokes, private screenshots, web browser extension, private files, and data stored in installed apps.

Unlike most trojans of its kind, Raccoon transmits data each time it successfully claims an item and doesn’t have any obfuscation techniques.

“We expect a resurgence of Raccoon Stealer v2, as developers implemented a version tailored to the needs of cybercriminals and scaled their backbone servers to handle large loads,” said researchers from Sekoia.

While this makes the malware easier to spot, it’s also recognized to dramatically improve its effectiveness.

What’s more, with the full version of the MaaS expected to be released in coming weeks, and the criminal underworld already distributing the Raccoon Stealer in its current form, researchers fear that the worst may be yet to come.

Cybersecurity Tools Have Never Been More Vital

Unfortunately, data thieves like Raccoon Stealers are becoming more prevalent than ever. If your business is serious about tackling these threats head on, a multi-pronged cybersecurity strategy is needed.

From installing, and regularly updating antivirus software and using secure passwords, to implementing virtual private networks (VPNs) when browsing the web, there’s a number of actions businesses can take to stay safe online.

It’s also worth trusting your gut. If something doesn’t seem right to you, it’s probably not. So before entering sensitive financial or private data into the ether, double check the source is legitimate before pressing send.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Isobel O'Sullivan (BSc) is a senior writer at Tech.co with over four years of experience covering business and technology news. Since studying Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also worked as a freelance tech researcher. Isobel’s always up to date with the topics in employment and data security and has a specialist focus on POS and VoIP systems.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals