Most antivirus programs can’t detect new coronavirus malware that steals victims’ money, personal data

MonSpyder9

Level 2
Thread author
May 4, 2020
39
During the early months of the first wave, people were bombarded with phishing emails that pretended to help them deal with the COVID-19 outbreak, but instead installed the malicious spyware known as Raccoon Stealer onto victims’ computers.
Raccoon Stealer is known for stealing victims’ credit card data and email credentials, and has been making its rounds earlier this year, especially during the first few weeks after the coronavirus impacted Western countries.
Having made the rounds over and over again during the first wave of the pandemic, it’s more than likely that we’ll be seeing Raccoon Stealer’s return alongside COVID-19 phishing campaigns later in the year, as new record highs in daily cases and fears of a second global outbreak make people more susceptible to fake emails and websites that masquerade as coming from legitimate health organizations.

motox781

Level 10
Verified
Well-known
Apr 1, 2015
483
Didn't read the whole thing, but noticed this:

"Out of the 10 antivirus programs we analyzed using static analysis, only 2 were able to automatically detect all variations of the malware."

They should at least have the decency of testing malware against an AV's full protection capabilities ;)

Thanks for the post.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Other interesting fragments:
"It’s also important for me to emphasize that it was difficult to get Raccoon on our VM in the first place. All of the browsers I tried (Chrome, Firefox, Edge) blocked our file from being downloaded, or deleted it immediately after running their scans.

We were finally able to bypass Edge’s block after turning off Windows Defender’s SmartScreen feature."

"Lastly, this was merely a static analysis. The results would get much more significant were we to do a dynamic analysis, as we would truly see these AV programs in the wild against these four versions of Raccoon Stealer."

plat

Level 29
Top Poster
Sep 13, 2018
1,793

The U.S. Attorney for the Western District of Texas unsealed an indictment last week that named Ukrainian national Mark Sokolovsky as the core developer for the Raccoon Infostealer business, which was marketed on several Russian-language cybercrime forums beginning in 2019.


Raccoon was essentially a Web-based control panel, where — for $200 a month — customers could get the latest version of the Raccoon Infostealer malware, and interact with infected systems in real time. Security experts say the passwords and other data stolen by Raccoon malware were often resold to groups engaged in deploying ransomware.


Working with investigators in Italy and The Netherlands, U.S. authorities seized a copy of the server used by Raccoon to help customers manage their botnets. According to the U.S. Justice Department, FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) stolen with the help of Raccoon.

It seems his girlfriend documented everything on Instagram, which prob. helped law enforcement to catch him. :rolleyes: