On March 25, 2022, the operator of Raccoon Stealer, who was active on a dark web forum, temporarily suspended activities because a key developer had died in the Russia-Ukraine War.
On May 17, 2022, the operator mentioned that the development of a new version of the stealer was completed, and uploaded details of changes, improvements, and prices to their Telegram channel.
On June 9, 2022, the operator resumed activities on the dark web forum where they had been active and posted a comment asking that inquiries about Raccoon Stealer V2 be made via Telegram.
During deep and dark web monitoring, we confirmed that stealer log files generated by Raccoon Stealer V2 have already begun to be traded and shared among cybercriminals.
From what has been confirmed so far, it is estimated that attacks using V2 started in earnest in June after the testing period.
We obtained and analyzed a Raccoon Stealer V2 sample and confirmed that, although many parts were changed, there were no significant differences in the overall execution flow.
We judge that V2 will continue to be updated because, compared to V1, it contains unfinished code and functions such as analysis interruption.
Currently, it is distributed in the same way as V1, disguised as cracked software, but now that it has been updated to V2, continuous monitoring is required to see whether the distribution method changes.