An analysis of the new version of the well-known Raccoon Stealer malware has been published by security researchers at the cloud security company Zscaler.
According to an advisory Zscaler released last Friday, the current version of the malware is written in C, whereas earlier iterations were primarily written in C++.
The second version of Raccoon Stealer has a redesigned front end and back end, as well as code that makes it easier to steal credentials and other types of data.
The updated credential stealer can run on 32-bit and 64-bit systems without any additional dependencies; instead, it downloads eight legitimate DLLs from its C2 servers (rather than relying on the Telegram Bot API).
The malware's configuration, including which applications to target, which URLs host the DLLs, and which tokens are used for data exfiltration, is also handled by the C2. The servers collect machine fingerprint information and then wait for individual POST requests carrying stolen data.
System fingerprinting data, browser passwords, cookies, autofill information and saved credit cards, cryptocurrency wallets, files stored on all disks, screenshots, and installed applications are reportedly among the types of information stolen by Raccoon Stealer 2.
In addition, Zscaler noted that Raccoon Stealer v2 now resolves API names dynamically at runtime rather than importing them statically, in order to conceal its intent from static analysis.
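The runtime API resolution Zscaler describes has a practical consequence for defenders: a binary that looks up most of its Windows APIs by name at runtime ships with a static import table that contains little beyond the loader and resolver functions it needs to bootstrap itself. The following Python script is an added example, not code from this article or from Zscaler's report. It contains a small PE32 import-table parser, a heuristic that flags an unusually small import table that still includes those resolver APIs, and a builder that produces constructed, non-runnable PE images purely so the parser can be exercised offline. The `max_named` threshold of 8 and the `RESOLVER_APIS` list are assumptions chosen for illustration, not values from the report.

```python
import struct

# Constructed example: layout constants for a throwaway single-section PE32 image.
SECTION_RVA = 0x1000
SECTION_RAW = 0x200

# APIs a binary needs if it resolves everything else by name at runtime (assumed list).
RESOLVER_APIS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
                 "GetProcAddress", "LdrLoadDll", "LdrGetProcedureAddress"}


def build_minimal_pe(imports):
    """Build a constructed, non-runnable PE32 image whose only section is an import table.
    `imports` maps DLL name -> list of function names. This is test scaffolding, not a sample."""
    body = bytearray()

    def put(data, align=4):          # append to the section, return the RVA of the data
        while len(body) % align:
            body.append(0)
        rva = SECTION_RVA + len(body)
        body.extend(data)
        return rva

    ndesc = len(imports) + 1                      # one descriptor per DLL plus a null terminator
    desc_rva = put(b"\0" * (20 * ndesc))
    descriptors = []
    for dll, funcs in imports.items():
        name_rva = put(dll.encode() + b"\0", align=1)
        hint_name_rvas = [put(struct.pack("<H", 0) + f.encode() + b"\0", align=2) for f in funcs]
        thunks = struct.pack("<%dI" % (len(funcs) + 1), *hint_name_rvas, 0)
        ilt_rva = put(thunks)                     # OriginalFirstThunk (import lookup table)
        iat_rva = put(thunks)                     # FirstThunk (import address table)
        descriptors.append(struct.pack("<IIIII", ilt_rva, 0, 0, name_rva, iat_rva))
    body[:20 * len(descriptors)] = b"".join(descriptors)

    size = (len(body) + 0x1FF) & ~0x1FF           # pad the section to a 512-byte multiple
    body += b"\0" * (size - len(body))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew at offset 0x3C
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                         # PE32 optional header, mostly zero
    struct.pack_into("<H", opt, 0, 0x10B)         # Magic: PE32
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, desc_rva, 20 * ndesc)   # data directory[1] = imports
    section = struct.pack("<8sIIIIIIHHI", b".idata\0\0", size, SECTION_RVA, size,
                          SECTION_RAW, 0, 0, 0, 0, 0x40000040)
    headers = dos + b"PE\0\0" + file_hdr + bytes(opt) + section
    return headers + b"\0" * (SECTION_RAW - len(headers)) + bytes(body)


def parse_imports(image):
    """Walk a PE's static import directory; return {dll: [imported name or '#ordinal']}."""
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections, = struct.unpack_from("<H", image, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", image, e_lfanew + 20)
    opt = e_lfanew + 24
    magic, = struct.unpack_from("<H", image, opt)
    dd_off, thunk_fmt = (96, "<I") if magic == 0x10B else (112, "<Q")   # PE32 vs PE32+
    import_rva, = struct.unpack_from("<I", image, opt + dd_off + 8)    # data directory[1]
    sections = []
    for i in range(nsections):                    # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, va, raw_size, raw = struct.unpack_from("<IIII", image, opt + opt_size + 40 * i + 8)
        sections.append((va, max(vsize, raw_size), raw))

    def file_offset(rva):                         # map an RVA to a file offset via the section table
        for va, span, raw in sections:
            if va <= rva < va + span:
                return raw + (rva - va)
        raise ValueError("RVA %#x is outside every section" % rva)

    def cstring(rva):
        start = file_offset(rva)
        return image[start:image.index(b"\0", start)].decode("ascii", "replace")

    result = {}
    if import_rva == 0:
        return result
    thunk_size = struct.calcsize(thunk_fmt)
    ordinal_flag = 1 << (8 * thunk_size - 1)
    desc = file_offset(import_rva)
    while True:
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", image, desc)
        if name_rva == 0:                         # null descriptor terminates the table
            break
        names = []
        thunk = file_offset(ilt or iat)           # some linkers leave the ILT empty
        while True:
            entry, = struct.unpack_from(thunk_fmt, image, thunk)
            if entry == 0:
                break
            names.append("#%d" % (entry & 0xFFFF) if entry & ordinal_flag else cstring(entry + 2))
            thunk += thunk_size
        result[cstring(name_rva)] = names
        desc += 20
    return result


def looks_dynamically_resolved(imports, max_named=8):
    """Heuristic: a tiny static import table that still carries the loader/resolver APIs.
    The threshold is an assumption for illustration, not a figure from the Zscaler report."""
    names = {n for funcs in imports.values() for n in funcs}
    return len(names) <= max_named and bool(names & RESOLVER_APIS)


# Constructed samples: a stub that resolves everything at runtime vs. a normally linked binary.
STUB_IMAGE = build_minimal_pe({"KERNEL32.dll": ["LoadLibraryA", "GetProcAddress"]})
NORMAL_IMAGE = build_minimal_pe({
    "KERNEL32.dll": ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle", "GetLastError",
                     "HeapAlloc", "HeapFree", "LoadLibraryA", "GetProcAddress"],
    "USER32.dll": ["MessageBoxW", "GetForegroundWindow"],
})

if __name__ == "__main__":
    for label, image in (("stub", STUB_IMAGE), ("normal", NORMAL_IMAGE)):
        found = parse_imports(image)
        print(label, found, "-> suspicious" if looks_dynamically_resolved(found) else "-> ok")
```

Run against a real file, `parse_imports(open(path, "rb").read())` gives the same dictionary, and the heuristic is only a triage signal: packers and small utilities also show sparse import tables, so a hit is a prompt to look at the sample's runtime behaviour, not a verdict on its own.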
For background, the Raccoon Stealer operation reportedly came to an end in March 2022 with the death of one of its lead developers during Russia's invasion of Ukraine.
According to a report from security analysts at Sekoia, the operators then posted on underground dark web forums that they would be returning. The post also said that Raccoon Stealer 2 was already in development in May.
The Zscaler analysis states that "Raccoon Stealer, offered as Malware-as-a-Service, has become popular over the past few years, and several instances of this malware have been observed."
"The authors of this malware are always adding new features to their family of malware. Following the initial release in 2019, this is the malware's second major release. This demonstrates that the malware is very likely to evolve and continue to pose a risk to businesses."