Racoon Malware Steals User Data From Nearly 60 Apps : Tenable

Racoon Malware is new on cybercriminal forums and is said to be able to extract sensitive data on targeted computers. As reported in Bleeping Computer, the malware was first seen in the wild in April 2019 and it is distributed under the MaaS (malware-as-a-service) model for $75/week or $200/month. For this money, the attackers get access to an administration panel that lets them customize the malware, access stolen data, and download the builds of the malware.

Commenting on this, Adam Palmer, Technical Director at Tenable, said: “Concerning reports today indicated that the info-stealing malware, “Racoon”, is able to extract data from multiple user applications. While this is a serious risk, it is also a well-known, commonly used malware type. Racoon has previously been used to exploit well-known flaws to install on user machines. The reason for the malware’s popularity is not because it is advanced or complex. It is used because it is inexpensive to purchase, simple to deploy, and relatively easy to customize. This allows a malware attacker to target the increasing number of applications on user devices.

“Threat actors typically use phishing messages and other commonly known exploit techniques to try and spoof users into interacting with their malicious payload. However, by patching well-known and exploited vulnerabilities, the risk of infection by commonly used malware is greatly reduced.

“Organisations continue to embrace applications and other third-party platforms to provide additional functionality for system users. New applications provide benefits, but some also introduce risks. Risks include malware and malicious applications that may connect to systems once outside the realm of IT, such as Operational Technology (OT) environments.

“This expanded attack surface must be secured with the same basic standards as traditional IT environments. Minimum security standards include assessing user applications and actively patching known vulnerabilities targeted by malware.”