KEEPNET LABS > Blog > Raccoon Stealer Abuses Telegram Infrastructure to Store C&C Addresses

Raccoon Stealer Abuses Telegram Infrastructure to Store C&C Addresses

By 2020, Racoon Stealer has become one of the most affordable data theft software.

Raccoon Stealer Abuses Telegram Infrastructure to Store C&C Addresses

Racoon Stealer initially surfaced on underground hacker forums in 2019. . After its first release, the software received several updates. The malware is capable of stealing a wide range of data, including:

Logins saved in the browser cookies
Data from forms is kept in browsers.
Crypto wallet files Login credentials from email client
Data and extensions from browser plugins
Execute commands from C&C servers and modify arbitrary files.

Distribution Methods

The virus was spread through a variety of ways, including Buer Loader and GCleaner. Fake patches, cracks, and cheats for Fortnite, Valorant, and NBA2K22 were among the means of distribution. The Racoon Stealer trojan also contained samples of various bogus applications.

Racoon Stealer’s distribution was unrestricted because it was freely available to anyone. Malware packers or Themida are used to transmit the malware.

Join
Our Newsletter

Sign up to learn about the latest threats, hacking methods, and news.