Raccoon Stealer Bundles Malware, Propagates Via Google SEO

Criminals behind the Raccoon Stealer platform have updated their services to include tools for siphoning cryptocurrency from a target's computer and new remote access features for dropping malware and scooping up files.
For starters, Raccoon Stealer has pivoted from inbox-based infections to ones that leverage Google Search.
What is unique about Raccoon Stealer is that, unlike other info-stealer services and malware targeting individuals via inboxes, the campaign Sophos tracked is distributed via malicious websites.
Second-stage payloads delivered by Raccoon Stealer have included 18 malware samples since October 2020, according to Sophos.
"Some of the .NET loaders were Raccoon Stealer, and both the QuilClipper and Raccoon samples use the Raccoon Telegram channel we found in our initial Raccoon sample: telete[.]in/jbitchsucks. Investigating these files and searching on their filenames, we found a YouTube channel that promotes Raccoon Stealer and QuilClipper."
A study of the Raccoon Stealer infrastructure revealed 60 subdomains under the domain xsph[.
News URL
https://threatpost.com/raccoon-stealer-google-seo/168301/