This malware steals your passwords and is on sale for anyone who wants to use it

June 29, 2022

By Kim Komando

Using a Password Manager is the best way to protect your authentication details for websites and services. Unfortunately, some people take the easy route by letting their internet browser do all the critical remembering.

Browsers like Google’s Chrome or Mozilla’s Firefox can store usernames, passwords, addresses and credit card information. The tool known as AutoComplete data makes it easy to fill in details on websites.

But it’s not as secure as you might think or hope. Read on for frightening details on how an updated malware variant can steal your critical information for as little as $50.

Here’s the backstory

Malware often undergoes several iterations as the developers fine-tune its capabilities and delivery methods. A good example is the prominent information grabber, Raccoon Stealer.

Several cybercriminal groups have used the malware since 2019, but operations abruptly stopped in March this year. However, according to cybersecurity company Sekoia, a revived Racoon Stealer popped up on hacker forums in early June.

The two-month hiatus, according to Sekoia, is attributed to the death of one of its developers during the Russian invasion of Ukraine. However, version two of Raccoon Stealer can inflict more damage than the previous variant.

Distribution of the malware happens through fake installers or cracked versions of popular software. For example, an investigation found Raccoon Stealer hiding in the files of a fake F‑Secure VPN installer, Proton VPN installer and R-Studio Network installer.

Once an infected device connects to the internet, the malware starts working. According to the post on a hacker forum, Raccoon Stealer can:

What you can do about it

It’s scary to think that a small piece of coding can cause so much damage for as little as $50. But that is precisely what Raccoon Stealer is all about. This variant is Malware-as-a-Service (MaaS), where criminals pay a usage fee so they don’t have to create their own malware.

The good news is there are a few ways to keep your data private and lock down your information. Here are some suggestions:

Keep reading

Ignore that text from your bank – It could plant malware on your phone

Scary new malware takes over your browser to show you fake search results

https://www.komando.com/tips/cybersecurity/raccoon-stealer-malware/