Sophos report: Widely used raccoon stealer also uses Telegram for crypto mining and crypto theft. For the first time, the Telegram chat service was also used for command and control communication.
Sophos has released the new study "Trash Panda as a Service Raccoon-Stealer Steals Cookies, Cryptocoins and More". The topic is a stealer that steals cryptocurrencies and information disguised as a pirate copy and at the same time injects harmful content such as cryptominers onto the target systems.
“With much of our daily and professional life now dependent on web-based services, cybercriminals are increasingly targeting stored web credentials with their malware, which gives them access to much more than stolen password hashes,” says Sean Gallagher, Senior Threat Researcher at Sophos.
Raccoon stealer is also targeting crypto wallets
“The cybercrime campaign we observed shows that the Raccoon-Stealer steals passwords and cookies as well as autofill text from websites – including credit card details and other personal information that can be stored by a browser. Raccoon-Stealer is now also targeting crypto wallets thanks to a recent update of the so-called Clipper malware, which modifies clipboard data or the target information for a cryptocurrency transaction. The update allows systems to be infected with additional malware or files to be retrieved and loaded. That's a lot of options that cybercriminals can easily monetize with a service that costs them just $75 a week to rent," Gallagher said.
Telegram as a new and additional tactic
Raccoon stealers are usually spread via spam email. In the series of attacks investigated by Sophos, however, it is spread via droppers, which the operators have disguised as cracked software installers. Droppers combine the raccoon stealer with additional attack tools, including malicious browser extensions, YouTube click fraud bots and Djvu / Stop, a ransomware that primarily targets private users. According to the Sophos research results, the criminals behind the Raccoon Stealer campaign also used the Telegram chat service for command and control communication for the first time.
Protection for companies and individuals
For businesses, Sophos recommends protecting all accounts of online services for communication and collaboration in the workplace with multi-factor authentication (MFA). In addition, it should be ensured that the computers of all employees have up-to-date malware protection. Sophos Intercept X protects endpoints by detecting the actions and behavior of malware such as raccoon stealers. The security solution also checks the memory for suspicious activities and protects against fileless malware.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.