Raccoon Stealer malware newest business email compromise attack

With business email compromise (BEC) attacks on the rise, cybersecurity researchers have been engaged in efforts to squelch hackers’ tools. Adding new rules to anti-spam filters has proven fairly effective at preventing a large portion of these attacks, but cybercriminals should never be underestimated. According to research published by Cofense, a new piece of malware dubbed “Raccoon Stealer” is bypassing anti-spam filters from companies like Symantec and Microsoft.

According to the blog post from Cofense, Raccoon Stealer is a rather simplistic piece of malware that is sold on the Dark Web in English and Russian. Additionally, it is sold with the promise — as insane as it sounds — of 24/7 customer support. Finally, the malware is versatile and can be deployed in multiple ways. In this particular campaign, which surfaced in April 2019, the hackers using Raccoon Stealer chose to embed it within an .IMG disk-image file hosted on Dropbox.

Raccoon Stealer’s actual function (or how it bypasses filters) is fairly interesting. Cofense researchers explain the process in the following excerpt from their blog post:

In this most recent campaign, a potentially compromised email account was used to send the email... which managed to make its way past Symantec Email Security and Microsoft EOP gateways without the URL being removed or tampered with to the extent that it would prevent victims from clicking on it and downloading the payload... Although not particularly advanced or subtle with its network activity and processes, the malware can quickly gather and exfiltrate data as well as download additional payloads... The payload URLs currently deliver a set of DLLs, as specified by the “attachment url” and “libraries” parameters, but future development could easily allow threat actors to use Raccoon Stealer as a loader for other malware to generate additional income.
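The delivery chain described above (a mailed link to a Dropbox-hosted .IMG file that the Symantec and Microsoft gateways let through) is the kind of thing a mail-filtering rule can flag before a user clicks. The script below is an added example, not code from the article or from Cofense, and it does not reproduce any vendor's filtering logic. It extracts URLs from a few constructed sample email bodies, then scores each link on two assumed indicators: a disk-image extension in the URL path (.img, .iso and similar, which mount as a drive and are rarely legitimate business attachments) and a consumer file-sharing host (the host list is an assumption, chosen for illustration). A link showing both indicators is marked for quarantine, one showing only the extension is marked for analyst review.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages, not taken from the article: (subject, body)
SAMPLE_EMAILS = [
    ("Invoice 4471", "Please review: https://www.dropbox.com/s/abc123/invoice_4471.img?dl=1"),
    ("Lunch", "See you at noon, menu here https://example.org/menu.pdf"),
    ("Q2 report", "Download the archive from https://drive.google.com/file/d/xyz/report.iso"),
    ("Newsletter", "https://www.dropbox.com/s/def456/photo.jpg?dl=0"),
    ("Backup", "Restore from https://files.example.net/backup.img"),
]

# Simple URL matcher; stops at whitespace, angle brackets, quotes and parentheses
URL_RE = re.compile(r"https?://[^\s<>()'\"]+")

# Extensions that mount as a virtual drive when opened on Windows (assumed indicator)
DISK_IMAGE_EXTS = (".img", ".iso", ".vhd", ".vhdx")

# Assumed list of consumer file-sharing hosts that a gateway might weight more heavily
FILE_SHARING_HOSTS = {"dropbox.com", "drive.google.com", "1drv.ms", "wetransfer.com"}


def extract_urls(text):
    """Return every http(s) URL found in a message body."""
    return URL_RE.findall(text)


def host_matches(hostname, hosts):
    """True if hostname is one of hosts or a subdomain of one (case-insensitive)."""
    hostname = hostname.lower()
    return any(hostname == h or hostname.endswith("." + h) for h in hosts)


def classify_url(url):
    """Return the list of indicators that apply to a single URL (empty if none)."""
    parsed = urlparse(url)
    reasons = []
    # Only the path is checked, so '?dl=1' style query strings do not hide the extension
    if parsed.path.lower().endswith(DISK_IMAGE_EXTS):
        reasons.append("disk-image extension")
    if host_matches(parsed.hostname or "", FILE_SHARING_HOSTS):
        reasons.append("file-sharing host")
    return reasons


def triage(emails):
    """Score every link in every message; report only links to disk-image files."""
    findings = []
    for subject, body in emails:
        for url in extract_urls(body):
            reasons = classify_url(url)
            if "disk-image extension" not in reasons:
                continue  # a file-sharing link on its own is normal business traffic
            verdict = "quarantine" if "file-sharing host" in reasons else "review"
            findings.append({"subject": subject, "url": url,
                             "reasons": reasons, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAILS):
        print(f"{finding['verdict']:10} {finding['subject']!r}: {finding['url']}"
              f"  [{', '.join(finding['reasons'])}]")
```

Running the block prints three findings: the Dropbox .IMG and the Google Drive .ISO links are quarantined, the .IMG on an unlisted host is sent for review, and the PDF and JPG links are ignored. A production rule would also fetch the link to inspect the content type and size, since the URL alone can be rewritten by the sender at any time.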

What makes Raccoon Stealer so fascinating is that it is so versatile and yet not the most complex malware. One does not need to be an expert programmer to use it, which should worry security professionals. It can be dealt with in its current form, but it is constantly being developed to meet the demands of black hats around the world, so it is a bit of a moving target. With it being such a lucrative tool for developers and threat actors alike, there is a high possibility that Raccoon Stealer is here for the long haul.

Featured image: Flickr / Goran Vlacic

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
