Malware-As-A-Service Develops Further – Fueling Cybercriminals
Malware-as-a-Service (MaaS) and criminals’ continuous improvements allow cybercriminals to steal even more consumer data: cryptocurrency, credit card information, and saved passwords.
Now more than ever, it’s time to increase cyber security awareness, both personally and professionally. For reference, Malware-as-a-Service is a program, offered for sale, designed to steal information from websites, computers, devices, etc. The cybercriminal buys not only the program but also a monthly service, which includes improvements to the software and technical support from the developer of the malware.
A Sophos study reveals the new ways this malware is used for targeting, and also what it steals. The article focuses on the main malware-as-a-service program, “Raccoon Stealer”, used to (maybe obviously) steal data. The program is under constant review and is updated to make it more robust for its users.
Information at Risk
Raccoon Stealer is now trying to steal even more vital information from internet consumers and users. The MaaS, when it has successfully infected the machine, monitors for and steals:
- Saved browser passwords
- Cryptocurrency wallets
- Cryptocurrency miner information
- Virtual wallets
- Saved credit card information
- Website autofill data
- Browser and Social Media cookies
- Other financial information
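A defender-side illustration of the list above, added here and not taken from the original article or the Sophos study: it flags processes other than the browser or wallet application that read the files where several of these items are stored. The event fields `image` and `path`, the allowlist, and the sample events are assumptions constructed for the example; the file names are the standard store names used by Chromium-based browsers, Firefox, and Bitcoin Core.

```python
from pathlib import PureWindowsPath

# Standard store file names (Chromium-based browsers, Firefox, Bitcoin Core),
# keyed in lowercase and mapped to the categories from the list above.
SENSITIVE_FILES = {
    "login data": "Saved browser passwords",
    "logins.json": "Saved browser passwords",
    "key4.db": "Saved browser passwords",
    "web data": "Saved credit card information and autofill data",
    "cookies": "Browser cookies",
    "cookies.sqlite": "Browser cookies",
    "wallet.dat": "Cryptocurrency wallets",
}

# Assumption: the only processes expected to open these files in this environment.
EXPECTED_READERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "bitcoin-qt.exe"}

def find_suspicious_reads(events):
    """Return (process, category, path) for sensitive-store reads by unexpected processes."""
    hits = []
    for ev in events:
        proc = PureWindowsPath(ev["image"]).name.lower()
        name = PureWindowsPath(ev["path"]).name.lower()
        category = SENSITIVE_FILES.get(name)
        if category and proc not in EXPECTED_READERS:
            hits.append((proc, category, ev["path"]))
    return hits

def categories_by_process(hits):
    """Group hits per process; one process touching several categories is a strong signal."""
    summary = {}
    for proc, category, _ in hits:
        summary.setdefault(proc, set()).add(category)
    return summary

# Constructed sample events (not real telemetry), shaped like file-access audit records.
_PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "path": _PROFILE + r"\Login Data"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\setup_x64.exe", "path": _PROFILE + r"\Login Data"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\setup_x64.exe", "path": _PROFILE + r"\Network\Cookies"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\setup_x64.exe", "path": r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"},
    {"image": r"C:\Windows\System32\notepad.exe", "path": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for proc, cats in categories_by_process(find_suspicious_reads(SAMPLE_EVENTS)).items():
        print(f"{proc}: {len(cats)} sensitive categories read -> {sorted(cats)}")
```

Backup and sync tools also read these files legitimately, so the allowlist needs tuning per environment before alerting on the result.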
New Infiltration / Infection Methods
During their research, Sophos discovered some of the new and most-used tactics cybercriminals are using to infect victims’ devices with malware.
The tried and true way to get infected with any malware, not just Malware-as-a-Service, is email. It has been going on for years: you open an email, there seems to be an important attachment, and you click to download. Not a good idea! Never download documents or open files from an email, especially from an unknown source, but in some cases even from trusted sources. Raccoon Stealers have improved their tactics and even fool virus detectors, like Google check. If you absolutely have to send or receive files via email, use an out-of-communications system.
SEO Poisoning / WordPress Sites
An infiltration method Raccoon Stealer is using is SEO poisoning. They will rank on a search engine for a popular keyword that their target victim will be searching for on Google. Once the user finds what they are looking for, they will click on the site. The victim will believe that this site has the answer to whatever they are searching for. When they arrive at the WordPress site, there will be a popup with the keyword search term, and that is where the infection will lie. Be aware of this tactic when using Google or other search engines.
Others To Note – More Cyber Security Awareness
MaaS has also been using popular messenger systems, such as Discord and Telegram. They will monitor long sessions and steal information. They are also infecting users with malicious browser extensions, YouTube session click fraud bots, and cryptocurrency miners. The important thing here is to be aware of the unique ways cybercriminals are using Raccoon Stealer to steal victim information.
Ransomware-as-a-Service (RaaS) is another popular subscription service criminals are using to exploit users. Protect yourself from malware and ransomware by employing safe internet habits, training staff, using multi-factor authentication, and more. Check out our RaaS article for more information.