Raccoon Stealer malware newest business email compromise attack

With business email compromise (BEC) attacks on the rise, cybersecurity researchers have been working to squelch attackers’ tools. Adding new rules to anti-spam filters has proven fairly effective at preventing a large portion of these attacks, but cybercriminals should never be underestimated. According to research published by Cofense, a new malware dubbed “Raccoon Stealer” is bypassing anti-spam filters from companies like Symantec and Microsoft.

According to the Cofense blog post, Raccoon Stealer is a rather simplistic piece of malware that is sold on the Dark Web in English and Russian. It is also sold with the promise, as insane as it sounds, of 24/7 customer support. Finally, the malware is versatile and can be deployed in multiple ways. In this particular campaign, which surfaced in April 2019, the attackers using Raccoon Stealer chose to embed it within an .IMG file hosted on Dropbox.

How Raccoon Stealer actually works, and how it gets past filters, is fairly interesting. Cofense researchers explain the process in the following excerpt from their blog post:

In this most recent campaign, a potentially compromised email account was used to send the email... which managed to make its way past Symantec Email Security and Microsoft EOP gateways without the URL being removed or tampered with to the extent that it would prevent victims from clicking on it and downloading the payload... Although not particularly advanced or subtle with its network activity and processes, the malware can quickly gather and exfiltrate data as well as download additional payloads... The payload URLs currently deliver a set of DLLs, as specified by the “attachment url” and “libraries” parameters, but future development could easily allow threat actors to use Raccoon Stealer as a loader for other malware to generate additional income.
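One defensive check suggested by the delivery method described above (a disk-image file hosted on Dropbox, reaching users as a link that the gateways did not strip), written here as an added example that is not code from Cofense or from this article: a small Python filter that flags URLs in a message body pointing to a disk-image file on a Dropbox domain. The sample message, the host list and the extension list are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample email body (not taken from the Cofense report): one ordinary
# link and one link of the kind described above, a .IMG file hosted on Dropbox.
SAMPLE_EMAIL_BODY = """Hi team,
Updated invoice attached for your review:
https://www.dropbox.com/s/EXAMPLEID/Invoice_April.IMG?dl=1
Our new price list is at https://www.example.com/pricing
Thanks"""

# Domains on which a disk-image download is worth flagging (assumed list for
# this example) and the disk-image extensions to look for on the URL path.
FILE_SHARE_HOSTS = ("dropbox.com", "dropboxusercontent.com")
DISK_IMAGE_EXTS = (".img", ".iso", ".vhd", ".vhdx")

# Rough URL extractor: an http(s) scheme followed by anything up to whitespace
# or a quote/angle bracket, which is enough for plain-text message bodies.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def host_matches(host, suffixes):
    """True if host is one of the suffix domains or a subdomain of one."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def find_disk_image_links(body):
    """Return the URLs in body that point to a disk-image file on a listed host."""
    findings = []
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        if not host_matches(parsed.hostname or "", FILE_SHARE_HOSTS):
            continue
        # Check the extension on the path only, so a direct-download query
        # string such as ?dl=1 cannot hide the file type from the check.
        if parsed.path.lower().endswith(DISK_IMAGE_EXTS):
            findings.append(url)
    return findings


if __name__ == "__main__":
    for hit in find_disk_image_links(SAMPLE_EMAIL_BODY):
        print("disk-image link on file-share host:", hit)
```

The same function can be applied to the URLs a mail gateway logs, which is closer to how such a rule would be deployed than scanning raw bodies.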

What makes Raccoon Stealer so fascinating is that it is so versatile and yet far from the most complex malware. One does not need to be an expert programmer to use it, which should worry security professionals. It can be dealt with in its current form, but it is constantly being developed to meet the demands of black hats around the world, so it is a bit of a moving target. With the malware being so lucrative for developers and threat actors alike, there is a high possibility that Raccoon Stealer is here for the long haul.

Featured image: Flickr / Goran Vlacic

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
