Raccoon Stealer Bundles Malware, Propagates Via Google SEO
Security News, August 2021
Criminals behind the Raccoon Stealer platform have updated their services to include tools for siphoning cryptocurrency from a target's computer and new remote access features for dropping malware and scooping up files.
For starters, Raccoon Stealer has pivoted from inbox-based infections to ones that leverage Google Search.
What sets the campaign Sophos tracked apart is its delivery channel: where other info-stealer services and malware reach individuals through their inboxes, this one is distributed through malicious websites that victims find via search.
Since October 2020, Sophos has observed Raccoon Stealer's dropper delivering 18 distinct malware samples as second-stage payloads.
"Some of the .NET loaders were Raccoon Stealer, and both the QuilClipper and Raccoon samples use the Raccoon Telegram channel we found in our initial Raccoon sample: telete[.]in/jbitchsucks. Investigating these files and searching on their filenames, we found a YouTube channel that promotes Raccoon Stealer and QuilClipper."
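The Telegram channel indicator quoted above is the kind of thing a defender will want to hunt for in egress logs. The script below is an added example, not code from Sophos or the article: it refangs the defanged indicator exactly as printed, then scans a constructed proxy log (invented here for illustration) and separates exact host-plus-path hits from lower-confidence hits on the same host, since the Telegram mirror host itself will also be used for legitimate channels. The log format, field names and the `hxxp` handling are assumptions of this example.

```python
"""Added example: hunt proxy logs for the Raccoon Stealer Telegram
dead-drop indicator quoted in the article. Not Sophos code; the log
lines are constructed for illustration."""
import re
from urllib.parse import urlparse

# Indicator exactly as defanged in the article.
DEFANGED_IOCS = ["telete[.]in/jbitchsucks"]


def refang(ioc: str) -> str:
    """Undo common defanging conventions: [.] / (.) / (dot) -> '.', hxxp -> http."""
    s = ioc.replace("[.]", ".").replace("(.)", ".").replace("(dot)", ".")
    return re.sub(r"^hxxp", "http", s)


def ioc_host_and_path(ioc: str):
    """Return (lowercased host, path) for a defanged URL-style indicator."""
    url = refang(ioc)
    if "://" not in url:          # bare host/path, as printed in the article
        url = "http://" + url
    p = urlparse(url)
    return (p.hostname or "").lower(), p.path


# Constructed proxy log (assumed format): timestamp src_ip method url status
SAMPLE_LOG = """\
2021-08-10T09:12:01Z 10.0.0.17 GET https://www.example.com/ 200
2021-08-10T09:12:44Z 10.0.0.17 GET https://telete.in/jbitchsucks 200
2021-08-10T09:13:02Z 10.0.0.23 GET https://telete.in/s/somechannel 200
2021-08-10T09:13:30Z 10.0.0.17 GET http://TELETE.IN/jbitchsucks?x=1 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def scan_log(log_text: str, iocs=DEFANGED_IOCS):
    """Return a list of (timestamp, src_ip, url, severity) hits.

    severity 'match'     : host and path both equal the indicator
    severity 'host-only' : same host, different path (lower confidence,
                           the Telegram mirror serves many channels)
    """
    targets = [ioc_host_and_path(i) for i in iocs]
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip malformed lines
        ts, src, _method, url, _status = m.groups()
        p = urlparse(url)
        host = (p.hostname or "").lower()  # urlparse ignores case in host
        for t_host, t_path in targets:
            if host != t_host:
                continue
            severity = "match" if p.path == t_path else "host-only"
            hits.append((ts, src, url, severity))
    return hits


if __name__ == "__main__":
    for ts, src, url, severity in scan_log(SAMPLE_LOG):
        print(f"{severity:9s} {ts} {src} {url}")
```

Matching on host plus exact path keeps the noisy Telegram mirror host from flooding the result, while still surfacing same-host traffic for an analyst to triage; the fourth log line shows that case-variant hosts and trailing query strings do not evade the exact match.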
A study of the Raccoon Stealer infrastructure revealed 60 subdomains under the domain xsph[.