Sophos Reports on Rampant Raccoon Stealer Campaign that Uses Telegram and Adds Cryptomining and Cryptocurrency Theft. Stealer is Delivered to Targets Bundled with Ransomware and Other Malicious Content
Sophos, a global leader in next-generation cybersecurity, has published new research, “Trash Panda as a Service: Raccoon Stealer Steals Cookies, Cryptocoins and More,” detailing how a stealer disguised as pirated software grabs cryptocurrencies and information while dropping malicious content, such as cryptominers, on targeted systems.
“With much of daily and professional life now reliant on services delivered through a web browser, the operators behind information-stealing malware are increasingly targeting stored web credentials that provide access to a lot more than they could get by just stealing stored password hashes,” said Sean Gallagher, senior threat researcher at Sophos.
“The campaign we’ve been tracking shows Raccoon Stealer grabbing passwords, cookies, and the ‘autofill’ text for websites, including credit card data and other personally identifying information that may be stored by a browser. Thanks to a recent ‘clipper’ update that changes the clipboard or destination information for a cryptocurrency transaction,
Raccoon Stealer also now targets crypto-wallets, and it can retrieve or load files – such as additional malware – on infected systems. That’s a lot of stuff that cybercriminals can easily monetise for a service that is ‘rented out’ at $75 for a week’s use.”
Raccoon Stealer is usually spread by spam email. However, in the campaign Sophos investigated, it is distributed through droppers that the operators disguised as cracked software installers. These droppers bundle Raccoon Stealer with additional attack tools, including malicious browser extensions, YouTube click-fraud bots, and Djvu/Stop, a ransomware targeted primarily at home users.
The operators behind this Raccoon Stealer campaign also used the Telegram chat service for the first time for command-and-control communications, according to Sophos researchers.
“Information stealers fill an important niche in the cybercrime ecosystem. They offer a quick return on investment and represent an easy and cheap entry point for bigger attacks,” said Gallagher.
“Cybercriminals often sell stolen identity credentials on ‘dark’ marketplaces, allowing other attackers, including ransomware operators or Initial Access Brokers, to take advantage of them for their own criminal intentions – such as breaking into a corporate network through a workplace chat service. Or attackers can use credentials for further attacks targeting other users on the same platform.
There is a constant demand for stolen user credentials – especially credentials providing access to legitimate services that attackers can use to easily host or spread more malware. Information stealers may look like lower-level threats, but they’re not.”
Sophos recommends that organisations that use online services for workplace chat and collaboration use multi-factor authentication (MFA) to protect employees’ accounts and ensure that all employees have up-to-date malware protection on any computer they access remote work-related services from.
Sophos Intercept X protects users by detecting the actions and behaviours of malware like Raccoon Stealer, including scanning for suspicious activity in memory and protecting against fileless malware.
Sophos advises consumers to install a security solution on the devices that they and their families use for online communications and gaming, such as Sophos Home, to protect everyone from malware and cyberthreats. It is also good security practice to avoid downloading and installing unlicensed software from any source. Always check first to make sure it’s legitimate.
Sophos Internet Security 2021 is a virus-spyware that installs itself on your computer system and then tracks your every activity. It records keystrokes, takes screenshots and saves them to hidden files on your hard drive, and then sends this information to a remote administrator.
The administrator can then use this data to monitor everything you do online. You will get various notices on your screen that tell you a particular program has detected suspicious activities on your computer system.
Sophos has been able to protect against some of the more common forms of malware by continually monitoring the system clipboard of windows computers so that it can detect potentially harmful applications. According to research conducted by antivirus researchers,
Sophos has been one of the most effective systems for detecting Trojans and other malware by using a natural signature matching method. According to them, if a file is constantly monitored by Sophos it will be removed immediately from windows computers.
This means that any time that you use the internet you are at risk of becoming infected with any number of internet threats including spyware, viruses, adware, Trojans, worms, and the like. The latest version of Sophos, version 2021, is continually being updated to keep up with the ever-changing threats. Unfortunately, these constant changes in technology mean that our systems are becoming less reliable.
Therefore, it’s extremely important that all computer users to update their operating systems on a regular basis to ensure that they are not only using an effective security tool, but are also downloading the latest security upgrades that can avoid Sophos from stealing your passwords, leaving behind the personal and financial information it steals, as well as making it difficult for you to surf the internet.
Further information on Raccoon Stealer and other cyberthreats is available at SophosLabs Uncut.