Level 2
During the early months of the first wave, people were bombarded with phishing emails that pretended to help them deal with the COVID-19 outbreak, but instead installed the malicious spyware known as Raccoon Stealer onto victims’ computers.
Raccoon Stealer is known for stealing victims’ credit card data and email credentials, and has been making its rounds earlier this year, especially during the first few weeks after the coronavirus impacted Western countries.
Having made the rounds over and over again during the first wave of the pandemic, it’s more than likely that we’ll be seeing Raccoon Stealer’s return alongside COVID-19 phishing campaigns later in the year, as new record highs in daily cases and fears of a second global outbreak make people more susceptible to fake emails and websites that masquerade as coming from legitimate health organizations.


Level 10
Didn't read the whole thing, but noticed this:

"Out of the 10 antivirus programs we analyzed using static analysis, only 2 were able to automatically detect all variations of the malware."

They should at least have the decency of testing malware against an AV's full protection capabilities ;)

Thanks for the post.

Andy Ful

Level 65
Content Creator
Other interesting fragments:
"It’s also important for me to emphasize that it was difficult to get Raccoon on our VM in the first place. All of the browsers I tried (Chrome, Firefox, Edge) blocked our file from being downloaded, or deleted it immediately after running their scans.

We were finally able to bypass Edge’s block after turning off Windows Defender’s SmartScreen feature."

"Lastly, this was merely a static analysis. The results would get much more significant were we to do a dynamic analysis, as we would truly see these AV programs in the wild against these four versions of Raccoon Stealer."