Copycat Site Serves Up Raccoon Stealer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,511
Someone is targeting web denizens with a malicious, copycat Malwarebytes website, which serves up the Raccoon information stealer malware to unsuspecting visitors. According to the security firm itself, the attackers set up the domain “malwarebytes-free[.]com” with a domain registrar in late March.

“Examining the source code, we can confirm that someone stole the content from our original site but added something extra,” according to a posting from the security firm this week. “A JavaScript snippet checks which kind of browser you are running, and if it happens to be Internet Explorer, you are redirected to a malicious URL belonging to the Fallout exploit kit.”

Further, the fake Malwarebytes site is being used in a malvertising campaign via the PopCash ad network, researchers added. Fake Malwarebytes ads served up by the PopCash network take visitors to the watering-hole site. The firm said that it contacted PopCash to report the malicious advertiser.

Whether they arrive via organic means or via an ad, once visitors hit the site, the Fallout exploit kit (EK) is used to infect vulnerable machines with the Raccoon data-harvesting malware. Raccoon scours systems for credit card information, cryptocurrency wallets, passwords, emails, cookies, system information and data from popular browsers (including saved credit-card info, URLs, usernames and passwords), and then sends that data back to its operator.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top