- The malware was used in a malicious COVID-19 campaign
- The attack begins with a phishing mail pretending to carry information on how to deal with the outbreak of Covid-19
- The malware targets a long list of browser applications such as Google Chrome, Chromium, 360 Browser, UC Browser.
SonicWall Capture Labs Threat Research Team has recently unearthed a new variant of Raccoon stealer (V1.5). It has been used in a malicious COVID-19 campaign. Like several other recent attacks, this campaign begins with a phishing mail purporting to carry information on how to deal with the outbreak of Covid-19. The mail encourages the user to open the attached file “COVID-19 stop.zip” for more details.
The zip file contains a Microsoft Word document in Office Open XML format. When opened, the document tries to trick the user into clicking “Enable Editing” and then “Enable Content”, claiming this is needed to update Windows and repair the application. The document carries embedded malicious macro code that executes as soon as macro content is enabled.
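A first triage step for an attachment like this is to look inside the zip for Office Open XML documents and check whether they carry a VBA project, before anything is opened in Word. The following is an added example, not SonicWall's code or anything from the campaign itself: it builds a constructed attachment in memory (an outer zip holding one macro-enabled and one clean document, with placeholder bytes standing in for the VBA project) and walks it looking for the `vbaProject.bin` part and the macro-enabled content type. The member names `covid_info.docm` and `readme.docx` and the size cap are assumptions chosen for the illustration.

```python
import io
import zipfile

# Constructed sample documents (not the real attachment from the campaign).
# Part names are genuine OOXML part names; the vbaProject.bin content is a
# placeholder byte string, not actual VBA.
CONTENT_TYPES_MACRO = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    '<Override PartName="/word/document.xml" '
    'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
    "</Types>"
)
CONTENT_TYPES_CLEAN = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Override PartName="/word/document.xml" '
    'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    "</Types>"
)

MAX_MEMBER_SIZE = 20 * 1024 * 1024  # assumed cap: refuse to inflate oversized members (zip-bomb guard)


def build_zip(parts):
    """Build an in-memory zip from a {name: bytes_or_str} mapping (used for the samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


def triage_ooxml(blob):
    """Inspect one OOXML document (bytes) and return a dict of findings."""
    findings = {"is_ooxml": False, "vba_parts": [], "macro_enabled_type": False}
    bio = io.BytesIO(blob)
    if not zipfile.is_zipfile(bio):
        return findings
    with zipfile.ZipFile(bio) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return findings  # a zip, but not an OOXML package
        findings["is_ooxml"] = True
        # The VBA project is a binary part: word/vbaProject.bin for Word,
        # xl/vbaProject.bin for Excel, ppt/vbaProject.bin for PowerPoint.
        findings["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace").lower()
        findings["macro_enabled_type"] = (
            "macroenabled" in ctypes or "vnd.ms-office.vbaproject" in ctypes
        )
    return findings


def has_macros(findings):
    """True when either the VBA part or the macro-enabled content type is present."""
    return bool(findings["vba_parts"]) or findings["macro_enabled_type"]


def triage_attachment(zip_blob):
    """Walk a zip attachment and triage every OOXML document inside it.
    Returns a list of (member_name, findings) for members that are OOXML."""
    results = []
    bio = io.BytesIO(zip_blob)
    if not zipfile.is_zipfile(bio):
        return results
    with zipfile.ZipFile(bio) as outer:
        for info in outer.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_SIZE:
                continue
            findings = triage_ooxml(outer.read(info.filename))
            if findings["is_ooxml"]:
                results.append((info.filename, findings))
    return results


# Constructed attachment mirroring the structure described above: an outer zip
# (the role "COVID-19 stop.zip" plays) holding a macro-enabled Word document
# and, for contrast, a clean one. Member names are assumed.
MACRO_DOCX = build_zip({
    "[Content_Types].xml": CONTENT_TYPES_MACRO,
    "word/document.xml": "<w:document/>",
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0placeholder-not-real-vba",
})
CLEAN_DOCX = build_zip({
    "[Content_Types].xml": CONTENT_TYPES_CLEAN,
    "word/document.xml": "<w:document/>",
})
SAMPLE_ATTACHMENT = build_zip({
    "covid_info.docm": MACRO_DOCX,
    "readme.docx": CLEAN_DOCX,
})

if __name__ == "__main__":
    for name, f in triage_attachment(SAMPLE_ATTACHMENT):
        print(f"{name}: macros={'YES' if has_macros(f) else 'no'} parts={f['vba_parts']}")
```

The check is deliberately structural: it flags the presence of a VBA project rather than trying to judge what the macro does, which is the question a sandbox or a tool such as olevba answers next. Note the size cap before inflating any member; a triage script that blindly decompresses attacker-supplied zips is itself a denial-of-service target.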
Raccoon targets an extensive range of applications, loading the specific libraries each application needs in order to extract and decrypt its stored credentials. The malware scans the victim’s machine for recently used data matching the keywords specified in its mask field, such as international bank account numbers, account, CVV, CVC, credentials, passwords, and even cryptocurrency wallets such as Ethereum and Bitcoin. It also collects recent files with the extensions .pdf, .txt, .rtf and .doc.
The malware has been found to be targeting browser applications such as Google Chrome, Chromium, 360 Browser, UC Browser amongst many others.
Debasish Mukherjee, VP, Regional Sales - APAC at SonicWall, says, “With increasing distress in society as a consequence of the Covid-19 pandemic, cyber attackers are creating similar-sounding malware to infect devices. Cybercriminals known for their disruptive attacks are becoming innovative and are looking at novel methods to invade IT infrastructures. As cyber attackers create chaos, it becomes imperative for a cybersecurity provider like us to keep pace with innovation and offer boundless cybersecurity.”
SonicWall delivers Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.