Raccoon Malware: The Latest Cybersecurity Threat

With more and more people working remotely, cybercriminals are taking advantage of their new opportunities to steal information from unprotected devices.

Popular platforms with sensitive business information, such as Microsoft 365, have been a major target, while other cyber thieves have focused on infiltrating your device’s internal system.

Unfortunately, a specific form of malware is once again becoming more popular and making its way through the internet. It’s crucial that you know the warning signs of this criminal tool to keep your company safe.

We’re taking a close look at Raccoon malware – what it is, how it works and how your company can avoid this threat.

What Is Raccoon Malware?

Raccoon malware (also known as Raccoon infostealer) is currently sold in underground markets and is becoming more popular every day. It’s a relatively accessible product, selling for $200 on average.

In essence, Raccoon is a browser attacker. It can steal data from 35 different versions of browsers, and the odds are that your favorite browsers, like Chrome and Firefox, are on that list. More than 60 additional applications are vulnerable to Raccoon across popular systems like Windows and macOS, making it a serious threat.

The malware works to steal valuable data from wireless connections, even those that are encrypted. It exploits these systems to steal personal and financial data, along with additional vulnerable information you may have saved on your device.

In most cases, Raccoon makes it onto computers through phishing and exploit kits, which are online toolboxes that divert traffic, scan for sensitive browser information and run malware. These two menaces usually present themselves as suspicious-looking emails or websites.

How Does Raccoon Malware Work?

By modern standards, Raccoon malware is not the most sophisticated software for attacking computers – and that’s what makes it dangerous. It's easy to use (and relatively inexpensive), making it more accessible to a larger pool of cybercriminals, thus more of a threat to devices everywhere.

The Raccoon process starts with implementation. First, in most cases, a phishing attack will gain access to the computer. For example, you may receive an odd-looking email with a Microsoft Office attachment, like a document or spreadsheet. It’s important to look both at the subject line and the sender of these emails. If they’re not recognizable, don’t open these emails. If you do open them, do not download the attachment. By downloading these attachments, malware can insert itself into your device.
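The sender and attachment checks described above can also be automated before a message ever reaches an inbox. The following is an added example, not code from the original article: it parses a raw email, flags senders outside a list of known domains, and reports Office attachments, including whether a zip-based Office file contains a macro project. The `KNOWN_DOMAINS` list, the function names and the sample message are all assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains this organization normally receives mail from.
KNOWN_DOMAINS = {"example.com"}
OFFICE_EXTS = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx")

def has_vba_project(data):
    """True if a zip-based (OOXML) Office file carries a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not zip-based (e.g. legacy .doc); not inspected here

def triage(raw):
    """Return the reasons a message deserves a second look before it is opened."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in KNOWN_DOMAINS:
        reasons.append(f"unknown sender domain: {domain or '(none)'}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXTS):
            reasons.append(f"office attachment: {name}")
            if has_vba_project(part.get_payload(decode=True) or b""):
                reasons.append(f"macro project inside: {name}")
    return reasons

def build_sample():
    """Constructed sample: unknown sender, .docm with a placeholder macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"placeholder, not a real macro")
    msg = EmailMessage()
    msg["From"] = "Billing <billing@invoices.invalid>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="Invoice.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```

A message that returns an empty list has a known sender domain and no Office attachment; anything else is worth holding for review before a user opens it.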

If the cybercriminal isn’t using emails, they may choose to use an exploit kit instead. Hackers will host this kit on a specific website, and when a user interacts with the fraudulent site, the malware is downloaded.

These sites can look like a legitimate webpage, depending on the attacker’s skill. Before you engage with these websites (e.g., inputting your credentials or clicking on links), be sure to check for the lock symbol in the left corner of your search bar, indicating it’s a secure website. If it’s a common website, like Amazon or PayPal, compare it to the sites you usually visit and check for differences.

Raccoon works by specifically finding the vulnerabilities in your system’s software. Once active, the malware works as a man-in-the-middle attacker. It creates cracks in encrypted communication that allow malicious parties to steal otherwise protected information. Since the malware primarily attacks secured browser connections, it gets a good look at virtually all information sent online, including sensitive company details and financial information.

That said, Raccoon has actually been on major cybersecurity radars since 2019. While it may be a little older than some newer malware, it’s been able to level up and is becoming increasingly dangerous in our new remote society. Luckily, because it’s not brand new, many major browsers have featured updates to minimize risk.

If Your Company Gets Attacked

To stay secure, your company needs to have measures in place to prevent potential attacks. But, say your company does become vulnerable to dangerous malware. Don’t worry – there are steps you can take to resolve the situation.

The first is to isolate suspected devices. Whether it is a personal device or a company server, it should not connect to any of your business or private networks if you think it has malware. Once isolated, it can be audited by IT and malware can potentially be eliminated.

Next comes a potentially stressful process if you don’t have a disaster recovery plan in place. If there is any reason to suspect that your company’s data has been compromised, you must inform the affected parties. If you think any financial information was stolen, contact the financial institutions to secure your accounts and change your credentials. After an experience like this, encourage your employees to update their current passwords, and consider investing in a strong password manager for your company.

To lessen the likelihood of being a ransomware victim, make sure your company is following these best practices:

  • Keep your anti-virus and anti-malware software updated.
  • Consistently update your devices to avoid any missing patches or bug fixes.
  • Remind your employees not to click on or download email attachments from unknown senders.
  • Mandate that your employees choose strong passwords.
  • Make sure your internet connection is secure and encrypted.

Raccoon is currently one of the larger names in prolific malware. Ultimately, its efficacy will fade, but you want to be protected sooner rather than later.

If you’re ready to level up your company’s cybersecurity, Switchfast has a free downloadable guide to help you get started.