Sophos, a global leader in next-generation cybersecurity, has published new research, “Trash Panda as a Service: Raccoon Stealer Steals Cookies, Cryptocoins and More,” detailing how a stealer disguised as pirated software grabs cryptocurrencies and information while dropping malicious content, such as cryptominers, on targeted systems.
Sean Gallagher, Senior Threat Researcher, Sophos, said: “With much of daily and professional life now reliant on services delivered through a web browser, the operators behind information-stealing malware are increasingly targeting stored web credentials that provide access to a lot more than they could get by just stealing stored password hashes.
“The campaign we’ve been tracking shows Raccoon Stealer grabbing passwords, cookies and the ‘autofill’ text for websites, including credit card data and other personally identifying information that may be stored by a browser. Thanks to a recent ‘clipper’ update that changes the clipboard or destination information for a cryptocurrency transaction, Raccoon Stealer also now targets crypto-wallets, and it can retrieve or load files – such as additional malware – on infected systems.”
Raccoon Stealer is usually spread by spam email. However, in the campaign Sophos investigated, it was distributed through droppers that the operators disguised as cracked software installers.