Sophos reports on Rampant Raccoon Stealer Campaign

Sean Gallagher senior threat research SophosSophos, one of the leading cybersecurity solution provider, has published new research, “Trash Panda as a Service: Raccoon Stealer Steals Cookies, Cryptocoins and More,” detailing how a stealer disguised as pirated software grabs cryptocurrencies and information while dropping malicious content, such as cryptominers, on targeted systems

“With much of daily and professional life now reliant on services delivered through a web browser, the operators behind information-stealing malware are increasingly targeting stored web credentials that provide access to a lot more than they could get by just stealing stored password hashes,” said Sean Gallagher, senior threat researcher at Sophos

Raccoon Stealer is usually spread by spam email. However, in the campaign Sophos investigated, it is distributed through droppers that the operators disguised as cracked software installers. These droppers bundle Raccoon Stealer with additional attack tools, including malicious browser extensions, YouTube click-fraud bots, and Djvu/Stop, a ransomware targeted primarily at home users. The operators behind this Raccoon Stealer campaign also used the Telegram chat service for the first time for command-and-control communications, according to Sophos researchers.

Sophos recommends that organisations that use online services for workplace chat and collaboration use multi-factor authentication (MFA) to protect employees’ accounts and ensure that all employees have up-to-date malware protection on any computer they access remote work-related services from.

Sophos Intercept X protects users by detecting the actions and behaviors of malware like Raccoon Stealer, including scanning for suspicious activity in memory and protecting against fileless malware. 

Sophos advises consumers to install a security solution on the devices that they and their families use for online communications and gaming, such as Sophos Home, to protect everyone from malware and cyberthreats. It is also good security practice to avoid downloading and installing unlicensed software from any source. 

Alain Charles Publishing, University House, 11-13 Lower Grosvenor Place, London, SW1W 0EX, UK
T: +44 20 7834 7676, F: +44 20 7973 0076, W: www.alaincharles.com

twn Are you sure that you want to switch to desktop version?