What is Raccoon infostealer malware and how to deal with it?
Raccoon is an ‘infostealer’: malware built to harvest the data that web browsers keep on disk, such as saved login credentials, browsing history, cookies and, if the browser stores them, payment card details. Raccoon itself runs only on Windows, but counterparts aimed at Macs exist. Understanding how Raccoon works and what protective measures apply is therefore worthwhile on either platform, because the same knowledge covers the other infostealers you are likely to meet.
What is Raccoon infostealer malware?
Raccoon infostealer, first observed in 2019, is sold as malware-as-a-service (MaaS): affiliates pay the operators a recurring subscription on underground forums and receive the stealer together with a panel for collecting what it steals. It targets Windows systems, and once deployed it collects saved browser passwords, autofill data, cookies, browsing history, stored credit card details and cryptocurrency wallets. Since its inception it has infected a large number of systems and has become one of the most frequently discussed stealers on dark web forums. In addition to browser data, it incorporates modules that extend its reach to cryptocurrency applications, password managers, email clients and other software, and some versions have been described as acting as a ‘man in the middle’, intercepting data between the host system and the internet.
The Raccoon operation suspended itself in March 2022, when its operators claimed that one of their developers had been killed during the invasion of Ukraine, and resumed a few months later with a rewritten version. The claimed death was not what it seemed: the developer had in fact been arrested in the Netherlands, and in October 2022 the US Department of Justice unsealed a grand jury indictment charging him with conspiracy to commit computer fraud (a Computer Fraud and Abuse Act offense), conspiracy to commit wire fraud and money laundering, and aggravated identity theft.
How does Raccoon infostealer malware work?
Raccoon is built for Windows, but similar infostealers target Macs. It has been described as using process injection against legitimate browser processes; the core of the theft, though, is ordinary file access. Once it is running as the logged-in user, it copies the profile files browsers keep on disk. Chromium-based browsers store saved logins, cookies, autofill entries and history in SQLite databases (files named Login Data, Cookies, Web Data and History inside the profile folder), and Raccoon reads these to extract autofill passwords, credit card data, cookies and browsing history. The saved passwords in those files are encrypted, but with a key the operating system protects for the same user account (DPAPI on Windows), so a stealer running in that account can decrypt them with the same API the browser uses. The harvested data is encrypted and sent to a command-and-control server. Raccoon employs little in the way of anti-detection, so endpoint security tools with current signatures and behavioural detection catch it routinely.
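To make the mechanism concrete, here is an added example written for this article (not code from Raccoon or from any vendor). It builds a constructed Chromium-style profile in a temporary directory and performs the read a stealer performs: copy the Login Data SQLite file and query its logins table. The file and table names match Chromium's; the rows, the placeholder encrypted blobs and the temporary paths are constructed for the demo. Nothing in it needs administrator rights, which is the point.

```python
import os
import shutil
import sqlite3
import tempfile

# Profile files an infostealer typically copies from a Chromium-based browser.
TARGET_FILES = ("Login Data", "Cookies", "Web Data", "History")


def make_sample_profile(root):
    """Build a constructed profile with a reduced 'Login Data' database.

    The real table has more columns; only those a stealer cares about are
    kept. password_value holds an encrypted blob; Chromium prefixes the
    OS-keyed scheme with b"v10". The blobs here are placeholders.
    """
    profile = os.path.join(root, "Default")
    os.makedirs(profile, exist_ok=True)
    con = sqlite3.connect(os.path.join(profile, "Login Data"))
    con.execute(
        "CREATE TABLE logins (origin_url TEXT, username_value TEXT, "
        "password_value BLOB, date_created INTEGER)"
    )
    con.executemany(
        "INSERT INTO logins VALUES (?, ?, ?, ?)",
        [
            ("https://bank.example/login", "alice", b"v10" + b"\x00" * 16, 1),
            ("https://mail.example/", "alice@example.com", b"v10" + b"\x01" * 16, 2),
        ],
    )
    con.commit()
    con.close()
    for name in ("Cookies", "History"):  # empty stand-ins for the demo
        open(os.path.join(profile, name), "wb").close()
    return profile


def audit_profile(profile):
    """Report what a process running as this user can read from the profile.

    The database is copied before it is opened, exactly as stealers do,
    because the running browser keeps the live file locked.
    """
    present = [f for f in TARGET_FILES if os.path.exists(os.path.join(profile, f))]
    report = {"files_present": present, "saved_logins": 0, "origins": [],
              "blobs_encrypted": None}
    if "Login Data" not in present:
        return report
    copy = os.path.join(tempfile.mkdtemp(), "Login Data.copy")
    shutil.copy2(os.path.join(profile, "Login Data"), copy)
    con = sqlite3.connect(copy)
    rows = con.execute(
        "SELECT origin_url, username_value, password_value FROM logins "
        "ORDER BY date_created"
    ).fetchall()
    con.close()
    report["saved_logins"] = len(rows)
    report["origins"] = [r[0] for r in rows]
    # The blobs are only useful together with the OS-protected key (DPAPI on
    # Windows, the Keychain on macOS), which the stealer can reach because it
    # runs under the same user account as the browser.
    report["blobs_encrypted"] = all(r[2].startswith(b"v10") for r in rows)
    return report


def run_demo():
    """Create the constructed profile and audit it; returns the report."""
    return audit_profile(make_sample_profile(tempfile.mkdtemp()))


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The defensive lesson is that browser-saved passwords are only as safe as the user session: anything that runs as you can read and decrypt them. A password manager that locks independently of the OS login, and not saving card details in the browser, narrows what a stealer gets.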
Once the data is stolen, the attackers can use it to drain bank and credit card accounts or to impersonate the user; stolen session cookies in particular let them log in to accounts without the password and without triggering a fresh multi-factor prompt. The more common scenario is that the data is sold on to other parties, each using it for theft and fraud.
What infostealers target Macs?
Atomic, a Mac-targeting infostealer identified in 2023, is sold through Telegram at a reported subscription of $1,000 per month. Subscribers receive a .dmg disk image containing malware built to harvest data stored in the Mac’s Keychain, including usernames, passwords and sensitive financial information; because the Keychain cannot be read without the user’s password, it typically displays a fake system dialog asking for it. The malware also targets cryptocurrency wallets and browser extensions. The crucial point is that, although Raccoon itself does not target Macs, other infostealers keep appearing that do, so vigilance is essential to safeguard your data.
How to protect against infostealers
Like many types of malware, infostealers such as Raccoon and Atomic depend on users running malicious content on their own computers. Hackers employ various tactics, including phishing emails, messages, fake downloads, ‘cracked’ applications and other scams aimed at convincing users to open harmful files. The crucial advice is to maintain vigilance:
- Avoid clicking on links unless you are certain of their destination.
- Only download software from sites that you are confident are legitimate.
- Disregard pop-ups claiming that software needs updating or that your Mac is infected.
- Take heed of warnings from macOS (Gatekeeper) that something you are trying to open is from an unidentified developer or cannot be verified. An installer that instructs you to right-click and choose Open to get past that warning is a red flag; that is exactly how malicious disk images walk users around the check.
How to check whether your Mac has been infected with malware
Checking for malware on your Mac and removing it can be done with a specialized Mac antimalware tool. Another option is a tool that not only detects and removes malware but also cleans up unnecessary files, helps optimize your Mac’s performance and simplifies regular maintenance. Removal is only half the job, though: if an infostealer ran at all, assume every password and session saved in your browser and Keychain has left the machine. Change those passwords from a clean device, sign out of all sessions for the affected accounts, enable multi-factor authentication where it is available, and contact your bank about any saved card details.
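An antimalware scan is the right first step, but it helps to know one of the things such a tool looks at. Below is an added example, not part of the original article or of any vendor’s product, of a triage script that parses launchd property lists (the mechanism macOS uses to run programs at login) and flags entries that run from temporary or shared folders, start a shell or script interpreter directly, or use an Apple-style label outside /System. It scans a constructed folder so it runs offline; the paths, labels and rule lists are assumptions chosen for illustration, not a complete rule set. On a real Mac, pass LAUNCHD_DIRS to scan_dirs instead.

```python
import os
import plistlib
import tempfile

# Directories launchd reads for login items on a real Mac. The demo scans a
# constructed folder instead, so it runs anywhere.
LAUNCHD_DIRS = (
    os.path.expanduser("~/Library/LaunchAgents"),
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
)

# Locations legitimate login items rarely run from, and interpreters malware
# often uses to launch a dropped script. Both are illustrative assumptions.
SUSPICIOUS_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
SUSPICIOUS_INTERPRETERS = ("/bin/sh", "/bin/bash", "/bin/zsh",
                           "/usr/bin/osascript", "/usr/bin/curl")


def command_of(plist):
    """Return the argv launchd would run for this job (empty if none)."""
    if "ProgramArguments" in plist:
        return list(plist["ProgramArguments"])
    if "Program" in plist:
        return [plist["Program"]]
    return []


def triage_plist(path):
    """Return a finding for one launchd plist, or None if it looks ordinary."""
    with open(path, "rb") as fh:
        try:
            plist = plistlib.load(fh)
        except plistlib.InvalidFileException:
            return {"path": path, "label": "", "command": [],
                    "run_at_load": False, "reasons": ["unparseable plist"]}
    cmd = command_of(plist)
    reasons = []
    if not cmd:
        reasons.append("no program to run")
    else:
        if any(str(arg).startswith(SUSPICIOUS_PREFIXES) for arg in cmd):
            reasons.append("runs from a temporary or world-writable location")
        if cmd[0] in SUSPICIOUS_INTERPRETERS:
            reasons.append("launches a shell or script interpreter directly")
    label = str(plist.get("Label", ""))
    # Apple's own jobs live under /System; a com.apple.* label elsewhere is
    # a common impersonation trick.
    if label.startswith("com.apple.") and not path.startswith("/System/"):
        reasons.append("uses an Apple-style label outside /System")
    if not reasons:
        return None
    return {"path": path, "label": label, "command": cmd,
            "run_at_load": bool(plist.get("RunAtLoad")), "reasons": reasons}


def scan_dirs(dirs):
    """Triage every .plist in the given directories; returns the findings."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if name.endswith(".plist"):
                finding = triage_plist(os.path.join(d, name))
                if finding:
                    findings.append(finding)
    return findings


def make_sample_dir():
    """Constructed LaunchAgents folder: one ordinary job, one that should stand out."""
    d = tempfile.mkdtemp()
    jobs = [
        {   # ordinary vendor updater (hypothetical)
            "Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
            "StartInterval": 3600,
        },
        {   # hypothetical persistence entry: Apple-looking label, shell, hidden path
            "Label": "com.apple.update.helper",
            "ProgramArguments": ["/bin/sh", "-c", "/Users/Shared/.cache/agent"],
            "RunAtLoad": True,
            "KeepAlive": True,
        },
    ]
    for job in jobs:
        with open(os.path.join(d, job["Label"] + ".plist"), "wb") as fh:
            plistlib.dump(job, fh)
    return d


def run_demo():
    """Scan the constructed folder; on a real Mac use scan_dirs(LAUNCHD_DIRS)."""
    return scan_dirs([make_sample_dir()])


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['path']}\n  command: {' '.join(f['command'])}\n  reasons: {'; '.join(f['reasons'])}")
```

An empty result is not proof of a clean machine: Atomic-style stealers often run once, send what they collected and never persist, so the credential rotation described above applies regardless of what the scan finds.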
FAQs
What is Raccoon infostealer malware?
Raccoon infostealer is Windows malware sold as a service that harvests the data web browsers store on disk, including login credentials, cookies, browsing history and, where saved, financial details.
How does Raccoon infostealer malware work?
Raccoon runs as the logged-in user on a Windows system, copies the SQLite databases in which browsers store saved logins, cookies, autofill data and history, decrypts the saved passwords with the OS-protected key available to that user, and sends the results to a command-and-control server.
Are there infostealers that target Macs?
Yes, Atomic is an infostealer identified in 2023, specifically targeting Macs by compromising data stored in the Mac’s keychain.
How can users protect against infostealers like Raccoon and Atomic?
Users can protect against infostealers by being vigilant, avoiding suspicious links, downloading only from legitimate sites, ignoring fake pop-ups, and paying attention to warnings from macOS.
How can I check if my Mac has been infected with malware?
Use a specialized Mac antimalware tool, or a comprehensive tool that also optimizes performance and simplifies regular maintenance. If anything is found, treat every browser-saved password and session as compromised: change the passwords from a clean device, sign out of active sessions and enable multi-factor authentication.
Conclusion
Infostealers like Raccoon and Atomic make a simple point: malware running as you can read whatever you have saved as you. Users on both Windows and Mac need to understand that risk. The resurgence of Raccoon and the emergence of Atomic show that the threat is persistent rather than passing. Vigilance about what you download and open, attention to operating system warnings, a password manager instead of browser-saved credentials, multi-factor authentication and a current security tool are the practical defenses, and prompt credential rotation limits the damage when one of them fails.