Author: Nick Sundvall
TLP: WHITE
On 1 September, we observed a malicious spam (malspam) email campaign distributing Raccoon malware. Raccoon, also known as Racealer, is an information stealer (infostealer) that was first observed in April 2019.[1]
Raccoon can steal credit cards, usernames, passwords, and cryptocurrency wallets.[2] Although it has relatively basic features, it is effective and affordable.
Threat actors can reportedly purchase Raccoon from online forums for $75, a reportedly lower-than-average price for similar types of malware.[3] Raccoon is sold as Malware-as-a-Service (MaaS), which means buyers receive software updates and support from the sellers.
In this campaign, the threat actor sent emails with the vague subject “Purchase Order”. The emails contained a message body beginning “Dear Sir, Pls find enclosed our new purchase order for your reference.” Each email had an attached file named Purchase Order.xlsx.
Infoblox’s full report on this campaign will be available soon on our Threat Intelligence Reports page.
Endnotes
1. https://www.cyberark.com/resources/threat-research-blog/raccoon-the-story-of-a-typical-infostealer
2. https://blog.trendmicro.com/trendlabs-security-intelligence/raccoon-stealers-abuse-of-google-cloudservices-and-multiple-delivery-techniques/
3. https://www.cyberark.com/resources/threat-research-blog/raccoon-the-story-of-a-typical-infostealer