Raccoon Stealer Bundles Malware, Propagates Via Google SEO
Quote: Criminals behind the Raccoon Stealer platform have updated their services to include tools for siphoning cryptocurrency from a target’s computer and new remote access features for dropping malware and scooping up files.
 
The stealer-as-a-service platform, whose customers are typically rookie hackers, offers turnkey services for pilfering browser-stored passwords and authentication cookies. According to new research from Sophos Labs published Tuesday, the platform has received a noteworthy update that includes new tools and distribution networks to boost infected targets.
 
For starters, Raccoon Stealer has pivoted from inbox-based infections to ones that leverage Google Search. According to Sophos, threat actors have been proficient in their optimization of malicious web pages to rank high in Google search results. The bait to lure victims in this campaign is software pirating tools such as programs to “crack” licensed software for illicit use or “keygen” programs that promise to generate registration keys to unlock licensed software.
 
“While the sites advertised themselves as a repository of ‘cracked’ legitimate software packages, the files delivered were actually disguised droppers. Clicking on the links to a download connected to a set of redirector JavaScripts hosted on Amazon Web Services that shunt victims to one of multiple download locations, delivering different versions of the dropper,” wrote Yusuf Polat and Sean Gallagher, both senior threat researchers at Sophos, who authored the report.

Read more: Raccoon Stealer Bundles Malware, Propagates Via SEO | Threatpost