Raccoon Stealer: “Trash panda” abuses Telegram

Avast

We recently came across a stealer called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.

Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including:

- Cookies, saved logins and form data from browsers
- Login credentials from email clients and messengers
- Files from crypto wallets
- Data from browser plugins and extensions
- Arbitrary files based on commands from C&C

In addition, it’s able to download and execute arbitrary files on command from its C&C. Combined with active development and promotion on underground forums, this makes Raccoon Stealer prevalent and dangerous.

The oldest samples of Raccoon Stealer we’ve seen have timestamps from the end of April 2019. Its authors have stated that they started selling the malware on underground forums in the same month. Since then, it has been updated many times. According to its authors, they fixed bugs, added features, and more.

Distribution

We’ve seen Raccoon distributed via downloaders: Buer Loader and GCleaner. According to some samples, we believe it is also being distributed in the form of fake game cheats, patches for cracked software (including hacks and mods for Fortnite, Valorant, and

Read More: https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/?utm_source=rss&utm_medium=rss&utm_campaign=raccoon-stealer-trash-panda-abuses-telegram