Blog
Back to Newsroom

Cybereason’s Nocturnus Researchers Go Hunting for Raccoon's; The New Masked Malware Bandit

Oct 24, 2019

Cybereason, creators of the leading Cyber Defense Platform, today released an investigative research report from its Nocturnus Research Group titled “Hunting Raccoon: The New Masked Bandit on the Block." Cybereason researchers Assaf Dahan and Lior Rochberger have been investigating Raccoon for six-months dating back to April 2019 and their investigation provides a thorough analysis of the technical aspects of the malware along with a look into the likely Russian team behind it.

Dahan and Rochberger discovered that Raccoon is exploding in popularity in the underground community despite being released earlier this year. It has become one of the top 10 most-referenced malware on the market in 2019, but lacks sophistication. The malware is spreading across organizations and individuals in North America, Europe, and Asia.
“Our Raccoon investigation examines two key aspects and was fascinating to be involved in because we have been able to track is origins, team members, business model and global marketing efforts. We’ve researched the existing feuds between Raccoon’s team and direct competitors and the expansion from Russian underground to English speaking cybercrime communities. In addition, our technical overview looks into future plans for the malware,” said Dahan, Cybereason’s Senior Director, Head of Threat Research.
Additional Raccoon Research Highlights include:

  • Steals a Wide Range of Data: Overall, Raccoon lacks sophistication, but leverages several potential delivery methods and is able to steal a large swath of important data including credit card information, cryptocurrency wallets, browser data, and email credentials.
  • Enables Individuals to Easily Commit Cybercrime: Raccoon follows a malware-as-a-service model, allowing individuals a quick-and-easy way to make money stealing sensitive data without a huge personal investment or technical know-how.
  • Has a Strong Following Underground: The team behind Raccoon is lauded in the underground community for their impressive level of service, support, and quality user experience, but has faced several bouts of public drama from internal disputes.

“The Raccoon stealer follows a malware-as-a-service (MaaS) model and is sold as a MaaS with features like an easy-to-use automated backend panel, bulletproof hosting, and 24/7 customer support in both Russian and English. As of this writing, it costs $200 per month to use, said Rochberger, Threat Analyst, Cybereason.
About Cybereason
Cybereason, creators of the leading Cyber Defense Platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint prevention, detection and response and active monitoring. The solution delivers multi-layered endpoint prevention by leveraging signature and signatureless techniques to prevent known and unknown threats in conjunction with behavioral and deception techniques to prevent ransomware and fileless attacks. Cybereason is privately held and is headquartered in Boston, with offices in London, Sydney, Tel Aviv, Tokyo, Asia-Pacific and continental Europe.

Learn more: https://www.cybereason.com/
Follow us: Blog | Twitter | Facebook

Media Contact:
Bill Keeler
Senior Director, Global Public Relations
Cybereason
bill.keeler@cybereason.com
(929) 259-3261