A malware developer ran their own creation on their own system to test new features, and the stolen data ended up on a cybercrime intelligence platform, exposing a glimpse of the criminal operation behind it.
The threat actor is the developer of Raccoon, an information stealer that can collect data from dozens of applications and has been growing in popularity for the past two years.
Email and a name, but not enough
While testing a variant of the stealer, the developer of Raccoon infected their own system, a move that immediately caused the harvested data to flow to the command and control (C2) server and onward to cybercrime forums.
The Raccoon developer's infected test system was found through Hudson Rock's Cavalier platform, a cybercrime intelligence database that monitors compromised machines.
Alon Gal, Hudson Rock co-founder and Chief Technology Officer, says that the Raccoon infostealer has more than one million compromised systems that are being tracked through Cavalier.
The researcher told BleepingComputer that the developer of the Raccoon infostealer infected their machine in February, but it went unnoticed because it was of no interest: it was not a machine belonging to one of the company's clients.
It attracted attention through its IP address, 220.127.116.11, which had been changed on purpose in the command and control server so that the real one would not be captured, Gal says. Funnily enough, the IP address is one used by Cloudflare's public Domain Name System (DNS) resolver.
The data collected from the self-infected system shows that the developer tested the malware's ability to extract passwords from Google Chrome, an essential feature for any information stealer.
Additional information trawled from the Raccoon test computer revealed a name and multiple email addresses associated with the malware.
Unfortunately, the details are insufficient to determine the identity of Raccoon's developer. Gal says that the malware author "likely infected [the machine] on purpose" and was careful enough to remove the details that could reveal who they are before unleashing the malware.
For instance, the email addresses used for various services contain either "raccoon" or "raccoonstealer," indicating that they are used for customer communication rather than personal business.
The researcher also found the name Benjamin Engel, a hacker from Berlin and the main character in the 2014 German hacker movie "Who Am I."
Other details picked from the test system showed that the developer's test box had cookies indicating logins to a Russian-speaking forum that is popular with prominent cybercriminal groups.
Gal was able to compare the ID in the cookie generated when logging into the forum with the ID attached to the Raccoon stealer account in that community.
While the information collected this way does not contain the hints needed to put a real name to Raccoon's developer, it shows that cybercriminals can slip up, and there is still hope of catching them off guard.
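The two checks described above, a victim IP that cannot be a real endpoint and a forum cookie ID that matches a known seller account, are the kind of triage an analyst runs over stealer-log records. The script below is an added example written for this page; it is not code from the article or from Hudson Rock's Cavalier platform. The record layout, hostnames, IP addresses, email addresses, cookie values, the `uid` cookie name and the "known account ID" set are all constructed or assumed, and the resolver ranges are the publicly documented Cloudflare, Google and Quad9 ranges. It generalises the single IP in the article by flagging any address inside a public resolver range or a non-routable range.

```python
import ipaddress

# Constructed sample "machine" records in the rough shape of an infostealer
# log export. Hostnames, IPs, e-mail addresses and cookie values are invented
# for this example; 93.184.216.34 stands in for an ordinary public address.
SAMPLE_RECORDS = [
    {"machine": "DESKTOP-TEST01", "ip": "1.1.1.1",
     "emails": ["support@raccoonstealer.example", "bob@example.org"],
     "cookies": {"forum.example": "uid=4821; sess=deadbeef"}},
    {"machine": "HOME-PC", "ip": "93.184.216.34",
     "emails": ["alice@example.com"],
     "cookies": {"shop.example": "cart=7"}},
    {"machine": "LAB-VM", "ip": "10.0.0.5", "emails": [], "cookies": {}},
]

# Address ranges of well-known public DNS resolvers. A "victim" IP inside one
# of these cannot be a real infected endpoint, so it points at a doctored record.
PUBLIC_RESOLVERS = [ipaddress.ip_network(n) for n in (
    "1.1.1.0/24", "1.0.0.0/24",   # Cloudflare
    "8.8.8.0/24", "8.8.4.0/24",   # Google
    "9.9.9.0/24",                 # Quad9
)]


def implausible_ip(ip_str):
    """Return why a reported victim IP cannot be a real endpoint, or None if it looks plausible."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return "unparseable"
    if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved:
        return "non-routable"
    if any(ip in net for net in PUBLIC_RESOLVERS):
        return "public DNS resolver"
    return None


def brand_emails(emails, brand):
    """Addresses carrying the malware's own brand name (operator mailboxes, not a victim's)."""
    return [e for e in emails if brand.lower() in e.lower()]


def cookie_value(cookie_str, key):
    """Pull one key out of a 'k=v; k2=v2' cookie string; None if absent."""
    for part in cookie_str.split(";"):
        name, _, value = part.strip().partition("=")
        if name == key:
            return value
    return None


def triage(record, brand, forum_domain, known_account_ids, id_cookie="uid"):
    """Flags that make a stealer-log record look like the operator's own box rather than a victim's."""
    flags = []
    reason = implausible_ip(record["ip"])
    if reason:
        flags.append("ip:" + reason)
    if brand_emails(record["emails"], brand):
        flags.append("brand-email")
    uid = cookie_value(record["cookies"].get(forum_domain, ""), id_cookie)
    if uid is not None and uid in known_account_ids:
        flags.append("forum-id-match:" + uid)
    return flags


if __name__ == "__main__":
    # Assumed: the forum account ID tied to the stealer's seller profile is already known.
    for rec in SAMPLE_RECORDS:
        print(rec["machine"], triage(rec, "raccoon", "forum.example", {"4821"}))
```

Only the first record trips all three flags; the ordinary victim record produces none, and the lab VM is flagged solely for its private address. In practice the account-ID set would come from the analyst's own tracking of the seller profile, and the resolver list would be kept alongside other "cannot be a victim" ranges such as known scanner and sandbox egress addresses.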