Raccoon Infostealer Malware - Removal

There is a new information stealer in town. Dubbed Raccoon, the malware is gaining popularity as it is being sold as a MaaS (malware-as-a-service). Raccoon has already infected thousands of victims worldwide.

According to researchers, the Raccoon malware has contaminated hundreds of devices throughout the globe in just a couple of months, and has obtained card data and e-mail credentials from victims. The malware is already one of the top 10 most-mentioned malware tools in the underground community.

The malware is not excessively sophisticated or innovative, yet its malware-as-a-service (MaaS) model gives cybercriminals a quick-and-easy method to make money by compromising sensitive user details.

The Raccoon infostealer was discovered by Cybereason researchers, who say that “this strain of malware first emerged as recently as 2019, and has already established a strong following among cybercriminals. Its popularity, even with a limited feature set, signals the continuation of a growing trend of the commoditization of malware as they follow a MaaS (Malware-as-a-Service) model and evolve their efforts.”

Threat Summary

Name: Raccoon Infostealer
Type: Infostealer, Malware
Short Description: A dangerous malware which can steal sensitive information from infected systems.
Symptoms: Infected users may not notice any particular symptoms, as the infostealer is installed silently.
Distribution Method: Phishing emails, exploit kits, bundled with legitimate software
Raccoon Infostealer Malware — Technical Overview

First of all, it is important to note that Raccoon is written in C++ and is designed to work on both 32-bit and 64-bit operating systems. Though it was originally classified as a password stealer by many AV companies, the infosec community has since observed it leveraging broader capabilities, so it is now categorized as an information stealer (infostealer).

Analysis of the infostealer shows that it was developed by a Russian cybercrime group. Despite its lack of sophistication, the malware can infect victims using various techniques and can steal plenty of sensitive information, such as credit card data, cryptocurrency wallets, browser data, and e-mail credentials.

The Raccoon malware is swiftly gaining traction among new threat actors eager to use it in their campaigns. It has already become one of the top 10 most-referenced malware pieces on underground marketplaces, infecting numerous endpoints internationally across both organizations and individuals in North America, Europe, and Asia.

Raccoon follows a malware-as-a-service model, allowing people a quick-and-easy way to make money by stealing sensitive data without a big financial investment or technical know-how.

It also appears that the cybercrime team behind Raccoon is admired in the underground community for its level of service, support, and user experience, but has faced several public feuds and internal conflicts, the official report says.

Raccoon Infostealer Distribution Methods

Exploit kits. The Raccoon infostealer uses several distribution channels, but it mostly relies on exploit kits, phishing attacks, and bundled malware. Cybercriminals are specifically using the Fallout EK to spawn a PowerShell instance from Internet Explorer and then download the main payload of the malware.

Phishing. The phishing campaigns carrying the infostealer are based on email messages that have an attached Word document. When the potential victim opens the Word document and enables macros, the macro code creates a connection to a malicious domain to download the malicious payload.

Bundled malware. The attackers are also leveraging the bundling method, where Raccoon is bundled with legitimate software. If a user downloads an infected installer, the malware will install itself silently, and the user will not notice it.
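The two delivery chains described above (Internet Explorer spawning PowerShell via the Fallout EK, and a Word macro connecting out to fetch the payload) leave process-tree and network traces that endpoint telemetry can flag. The following detection logic is an added example, not code from the original article or from Cybereason; the Sysmon-style event fields and sample values are constructed for illustration.

```python
"""Added example: flag the Raccoon delivery chains in constructed telemetry.

Rule 1 (Fallout EK chain): a browser process spawning a script host.
Rule 2 (phishing chain): an Office process spawning a script host or
        opening an outbound network connection.
Event field names and sample paths are constructed, not real telemetry."""

BROWSERS = {"iexplore.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (event_id, rule_name) pairs for every suspicious event.

    Each event is a dict with 'type' ('process' or 'network'), 'id', 'image';
    process events also carry 'parent_image', network events 'dest_host'."""
    alerts = []
    for ev in events:
        image = basename(ev["image"])
        if ev["type"] == "process":
            parent = basename(ev["parent_image"])
            if parent in BROWSERS and image in SCRIPT_HOSTS:
                alerts.append((ev["id"], "browser_spawned_script_host"))
            elif parent in OFFICE_APPS and image in SCRIPT_HOSTS:
                alerts.append((ev["id"], "office_spawned_script_host"))
        elif ev["type"] == "network" and image in OFFICE_APPS:
            alerts.append((ev["id"], "office_outbound_connection"))
    return alerts


# Constructed sample telemetry: one benign launch, then one event per chain.
SAMPLE_EVENTS = [
    {"type": "process", "id": 1, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"type": "process", "id": 2,
     "parent_image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "network", "id": 3, "dest_host": "example.invalid",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]

if __name__ == "__main__":
    for event_id, rule in detect(SAMPLE_EVENTS):
        print(f"event {event_id}: {rule}")
```

Outbound connections from Office processes are common in normal use, so the third rule is a triage signal to correlate with the process-spawn rules rather than a stand-alone alert.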

Raccoon Infostealer – Removal

In order to fully remove the Raccoon infostealer from your computer system, we recommend that you follow the removal instructions underneath this article. If the first two manual removal steps do not seem to work, we suggest what most security experts advise – to download and run a scan of your computer with a reputable anti-malware program.

Downloading this software will not only save you some time, but will also remove all Raccoon malware files and programs related to it, and will protect your computer against such intrusive apps and malware in the future.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
