A new, easy-to-use Trojan has been winning the Trojan war among other Trojan malware, proving quite popular with cybercriminals because it lets them steal information such as credit card data, passwords and even cryptocurrency in a much simpler way.
It has been noted that Raccoonware, one of the most talked-about pieces of malware, is not at all sophisticated to use, hence it is aggressively marketed to current and potential cybercriminals. Illegal marketers on the dark web have been providing the malware with an easy-to-use back end, along with bulletproof hosting and 24×7 support, all of this at $200 a month.
Some might say that it is priced too high for a simple piece of malware; however, a cybercriminal can recoup the amount considering the financial and personal data that can be stolen using the malware.
The malware’s flexible nature allows it to be delivered to potential victims in numerous ways, but the most common are exploit kits, compromised software downloads, and phishing.
Exploit kits take advantage of vulnerabilities in common software, and Raccoonware employs the Fallout exploit kit, using it to spawn a PowerShell instance from Internet Explorer and download the malware while the victim is using their browser. The phishing method weaponizes a Microsoft document and delivers the malware through email. Finally, the malware is also delivered in compromised versions of legitimate software downloaded from third-party websites.
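The Fallout delivery path described above leaves a recognizable process-creation trace: Internet Explorer as the parent of PowerShell. The following is an added example, not part of the original article, that scans constructed Sysmon-style process-creation records (JSON lines using the Sysmon Event ID 1 fields `Image`, `ParentImage` and `CommandLine`) for that pair; the host names, command lines and function names are assumptions.

```python
import json
import ntpath
import re

# Parent/child pair from the article: Internet Explorer spawning PowerShell.
BROWSER_PARENTS = {"iexplore.exe"}
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe"}  # pwsh.exe = PowerShell 7+
URL_RE = re.compile(r"https?://", re.IGNORECASE)

# Constructed sample records (not real telemetry), one JSON object per line.
SAMPLE_EVENTS = r"""
{"Computer": "WS-01", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "CommandLine": "powershell.exe -NoProfile (constructed) http://example.invalid/a"}
{"Computer": "WS-02", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "powershell.exe Get-Process"}
{"Computer": "WS-03", "Image": "C:\\WINDOWS\\SYSTEM32\\WINDOWSPOWERSHELL\\V1.0\\POWERSHELL.EXE", "ParentImage": "C:\\PROGRAM FILES\\INTERNET EXPLORER\\IEXPLORE.EXE", "CommandLine": "PowerShell.EXE -Version"}
{"Computer": "WS-04", "Image": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "ParentImage": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "CommandLine": "iexplore.exe SCODEF:1234"}
this line is not JSON
{"Computer": "WS-05", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
"""

def exe_name(path):
    """Lower-cased file name of a Windows path; empty string if missing."""
    return ntpath.basename(path or "").lower()

def detect_browser_spawned_shell(lines):
    """Return one alert per record where a browser parent launched PowerShell."""
    alerts = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(event, dict):
            continue
        parent = exe_name(event.get("ParentImage"))
        child = exe_name(event.get("Image"))
        if parent in BROWSER_PARENTS and child in SHELL_CHILDREN:
            cmd = event.get("CommandLine") or ""
            alerts.append({
                "host": event.get("Computer"),
                "parent": parent,
                "child": child,
                # A URL on the command line fits the download step described.
                "has_url": bool(URL_RE.search(cmd)),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_browser_spawned_shell(SAMPLE_EVENTS):
        print(alert)
```

Matching on the lower-cased file name keeps the rule independent of install path and casing; records without a parent image are ignored rather than guessed at.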
Once the system is successfully infected, Raccoon begins communicating with a command and control server in order to access the resources it needs to conduct its malevolent activity. At the same time it also acquires the local settings on the target machine; however, if it detects the language to be Russian, Ukrainian, Belarusian, Kazakh, Kyrgyz, Armenian, Tajik or Uzbek, it terminates its activity immediately.
Analysis by various researchers has led to the belief that the authors of Raccoonware are Russian in origin, since it is very common for malware that originates in Russia and its surrounding states to avoid targeting Russian users.
Once the malware is active on the target machine, Raccoonware is capable of stealing system information, browser information (including login information and bank details) and screen grabs, and it can also monitor emails and steal from cryptocurrency wallets.
The code is not complicated, and its ease of use allows cybercriminals to steal a large amount of data from individuals or businesses, which they can use as they wish: to sell on the dark web or to use for further attacks.
The malware poses a significant threat to its target and is capable of inflicting a great amount of damage to individuals and organizations alike.
The researchers have noticed that Raccoon receives regular updates from its authors, and analysis of the advertising thread from the dark web shows that the authors are willing to listen to the users for ideas on new functionality. While the malware is still new, it is quickly gaining popularity on the dark web and has already affected users across America, Europe, and Asia.
Unlike other malware, Raccoon is being marketed as a service, which could result in malware being a major threat in the future.
To read more, please check eScan Blog