The Raccoon Stealer Makes a Comeback with Enhanced Evasion Features

The cybercrime group responsible for Raccoon Stealer has made a comeback after a six-month break, unveiling version 2.3.0 of their malware. This version, aimed at cybercriminals, is being advertised on hacker forums. The group’s resurgence follows several setbacks in 2022, leading to a temporary shutdown of their operations.

New Features and Updates in Version 2.3.0:

  • An enhanced admin panel for easier access to stolen data, including credentials and documents.
  • A system for detecting and responding to abnormal access patterns, such as repeated logins from the same IP address.
  • A mechanism to identify and block IP addresses associated with crawlers and bots, aiming to avoid detection.
  • A ‘Log Stats’ panel providing insights into their operations, including targeted regions and the number of compromised computers.

Timeline of Challenges:

  • In March 2022, the group paused operations due to the loss of a developer in the Russia-Ukraine war, and their malware was replaced with the Dridex trojan.
  • In June 2022, a new version (2.0) was detected, developed in C/C++ using WinApi, but it wasn’t long before the group faced another setback.
  • In October 2022, the FBI apprehended one of the main operators in the U.S. and dismantled their MaaS infrastructure, which had collected over four million email addresses.

Despite these obstacles, the group’s resurgence indicates their determination to continue their activities.

Protective Measures:

  • It’s crucial to use password managers rather than storing credentials in browsers.
  • Multi-Factor Authentication (MFA) should be enforced across various accounts and applications for added security.
  • Organizations should implement best practices, including email security controls and regular software updates, to safeguard against such threats.