Raccoon Stealer Abuses Telegram Infrastructure to Store C&C Addresses

KEEPNET LABS > Blog > Raccoon Stealer Abuses Telegram Infrastructure to Store C&C Addresses

By 2020, Racoon Stealer has become one of the most affordable data theft software.

Apr 7, 2022 7:53 am

Racoon Stealer initially surfaced on underground hacker forums in 2019. . After its first release, the software received several updates. The malware is capable of stealing a wide range of data, including:

Logins saved in the browser cookies
Data from forms is kept in browsers.
Crypto wallet files Login credentials from email client
Data and extensions from browser plugins
Execute commands from C&C servers and modify arbitrary files.

Distribution Methods

The virus was spread through a variety of ways, including Buer Loader and GCleaner. Fake patches, cracks, and cheats for Fortnite, Valorant, and NBA2K22 were among the means of distribution. The Racoon Stealer trojan also contained samples of various bogus applications.

Racoon Stealer’s distribution was unrestricted because it was freely available to anyone. Malware packers or Themida are used to transmit the malware.

Phishing Test Software

The human factor is the weakest point in your security posture and may be used against you regardless of how secure your network, computers, and software are. Traditional security measures are insufficient to stop these attacks. Using phishing test platforms that replicate phishing attacks is an effective security measure.

Phishing Training for Employees

Phishing is one of the most successful ways cybercriminals access companies' passwords and other security credentials. A cybercriminal impersonates a legitimate person or entity and sends a fake email to manipulate employees. Companies need to train their employees not to click on links or attachments in suspicious emails.

Protect Yourself Against Keyloggers

Keyloggers are one of the most common and deadly cybersecurity threats. It is a type of malware that records keystrokes and sends them back to the cybercriminal. Hackers can access accounts, banking systems, or even bitcoin wallets thanks to keyloggers.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.