Raccoon Stealer malware bypasses spam filters


A new phishing threat is successfully bypassing spam filters and infecting thousands of Windows PCs.

The operators behind the Raccoon Stealer campaign have found a simple way to get past Microsoft and Symantec anti-spam gateways: instead of attaching the malware, they package it inside a .img disk image hosted on Dropbox and put only the download link in the email. The message is made to look like routine business correspondence, such as the confirmation a company receives when initiating a wire transfer. When the recipient follows the link and opens the downloaded file, Windows mounts the .img as a virtual drive, and running the executable inside it infects the machine. Raccoon Stealer is currently being aimed at financial institutions, with the phishing emails sent from compromised email accounts.

The link passes through spam filters untouched. Gateways normally rewrite or strip a link whose destination is known to be malicious and warn the recipient, but dropbox.com is a well-established domain with a good reputation, and because the payload is downloaded rather than attached, attachment scanning never sees it. As a result, these Raccoon Stealer emails land directly in users' inboxes.
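A gateway that judges a link only by its domain's reputation will wave this campaign through, so one practical compensating check is to look at the host and the filename together: a trusted file-sharing host serving a disk-image file is the combination described above. The script below is an added example, not code from the article or from any product it names; the sample email, the list of file-sharing hosts and the list of container extensions are constructed here for illustration and would be tuned to a real environment.

```python
"""Flag emails whose links point at disk-image downloads on file-sharing hosts.

Added example for this article; the sample message, host list and extension
list below are constructed for illustration, not taken from a real campaign.
"""
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# Constructed list: hosts whose good reputation lets links through URL filters.
FILE_SHARING_HOSTS = {
    "dropbox.com", "www.dropbox.com", "dl.dropboxusercontent.com",
    "drive.google.com", "onedrive.live.com", "1drv.ms",
}

# Constructed list: file types Windows mounts as a virtual drive, which hides
# the executable inside from attachment scanning.
CONTAINER_EXTENSIONS = (".img", ".iso", ".vhd", ".vhdx")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: a wire-transfer lure with one suspicious link and one
# benign link on the same trusted host.
SAMPLE_EMAIL = """\
From: treasury@example-bank.test
To: payments@example.test
Subject: Wire transfer confirmation 2024-0312
Content-Type: text/plain; charset=utf-8

Please review the wire confirmation before release:
https://www.dropbox.com/s/abcd1234/wire_confirmation.img?dl=1

Last month's statement for reference:
https://www.dropbox.com/s/efgh5678/statement.pdf?dl=0

Regards,
Treasury Operations
"""


def extract_text(msg: Message) -> str:
    """Concatenate the decoded text/plain and text/html parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                charset = part.get_content_charset() or "utf-8"
                parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)


def suspicious_links(raw_email: str) -> list[dict]:
    """Return links combining a trusted file-sharing host with a disk-image path.

    The query string (e.g. Dropbox's ?dl=1) is ignored when checking the
    extension, so forced-download links are still caught.
    """
    msg = message_from_string(raw_email)
    hits = []
    for url in URL_RE.findall(extract_text(msg)):
        url = url.rstrip(".,);")           # drop trailing punctuation from prose
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        path = parsed.path.lower()
        if host in FILE_SHARING_HOSTS and path.endswith(CONTAINER_EXTENSIONS):
            hits.append({
                "url": url,
                "host": host,
                "extension": path[path.rfind("."):],
            })
    return hits


if __name__ == "__main__":
    for hit in suspicious_links(SAMPLE_EMAIL):
        print(f"QUARANTINE: {hit['host']} serving {hit['extension']} -> {hit['url']}")
```

Run against the constructed sample, the .img link is reported and the .pdf link on the same host is not; in a real deployment the flagged message would be quarantined or the link rewritten rather than merely printed, and the host and extension lists would be maintained from the gateway's own telemetry.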

Raccoon Stealer was first detected in April 2019 when it was offered on Russian hacking forums and distributed via a document file that exploited a known Microsoft Office vulnerability. It has quickly gained traction due to its ease of use.

Obtaining the malware is easy: a subscription costs $200 per month, paid to the developers. Deploying it is even easier. The malware is almost fully automated, its back-end infrastructure is hosted on tightly secured servers, and the developers provide support around the clock. Experts estimate that more than 100,000 computers had already been infected by the time the malware was publicly reported.

The current version of Raccoon Stealer harvests credit-card data, email credentials, user account logins, and cryptocurrency wallets. Because the malware can also fetch and run additional payloads, acting as a loader, experts advise defenders not to treat the phishing link as the only infection vector to watch.