Raccoon Stealer malware newest business email compromise attack

With business email compromise (BEC) attacks on the rise, cybersecurity researchers have been engaged in efforts to squelch hackers’ tools. Adding new commands to anti-spam filters has proven to be fairly effective in preventing a large portion of these attacks, but cybercriminals should never be underestimated. According to research published by Cofense, there is a new malware dubbed “Raccoon Stealer” that is bypassing anti-spam filters from companies like Symantec and Microsoft.

According to the blog post from Cofense, Raccoon Stealer is a rather simplistic malware that is available on the Dark Web in English and Russian. Additionally, the malware is sold with the promise — as insane as it sounds — with 24/7 customer support. Finally, the malware is versatile and can be employed in multiple fashions. In this particular campaign, which surfaced in April 2019, hackers who use Raccoon Stealer choose to embed it within an .IMG file that is hosted on Dropbox.

Raccoon Stealer’s actual function (or how it bypasses filters) is fairly interesting. Cofense researchers explain the process in the following excerpt from their blog post:

In this most recent campaign, a potentially compromised email account was used to send the email... which managed to make its way past Symantec Email Security and Microsoft EOP gateways without the URL being removed or tampered with to the extent that it would prevent victims from clicking on it and downloading the payload... Although not particularly advanced or subtle with its network activity and processes, the malware can quickly gather and exfiltrate data as well as download additional payloads... The payload URLs currently deliver a set of DLLs, as specified by the “attachment url” and “libraries” parameters, but future development could easily allow threat actors to use Raccoon Stealer as a loader for other malware to generate additional income.

What makes Raccoon Stealer so fascinating is that it is so versatile and yet not the most complex malware. One does not need to be an expert programmer to utilize it, which should worry security professionals. It can be dealt with in its current form, but it is constantly being developed to meet the demands of black hats around the world, so it’s a bit of a moving target. With it being such a lucrative malware for developers and threat actors alike, it is a high possibility that Raccoon Stealer is here for the long haul.

Featured image: Flickr / Goran Vlacic

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

Using Azure Active Directory Identity Protection to boost your security

Using Azure Active Directory Identity Protection will boost your security. This step-by-step guide shows you…

17 hours ago

Review: Kemp Virtual LoadMaster load balancer

With many businesses requiring employees to work remotely, Kemp’s Virtual LoadMaster can help relieve many…

21 hours ago

Microsoft warns of COVID-19-related spear-phishing campaign

COVID-19 is not going away anytime soon, and as Microsoft researchers have discovered, neither are…

24 hours ago

Ansible: Introduction to this open-source automation platform

In this first of several articles on Ansible, we give you a high-level overview of…

2 days ago

Microsoft Build 2020: All the major announcements

Microsoft Build 2020 may have been a virtual event, but there was some real news,…

2 days ago

Conquer the world with PowerShell global variable

In Power Shell, every variable has a certain scope, but a PowerShell global variable is…

2 days ago