Raccoon Stealer’s Abuse of Google Cloud Services and Multiple Delivery Techniques
released on 2020-04-02 @ 03:42:39 PM
Raccoon emerged as Malware as a Service (MaaS) in April 2019. Despite its simplicity, Raccoon became popular among cybercriminals, and a malware popularity report mentioned it as a notable emerging malware in underground forums.
The malware is capable of stealing login credentials, credit card information, cryptocurrency wallets, and browser information. Raccoon has only basic infostealer functions, but an aggressive marketing campaign and an overall good user experience proved enough to make up for its lack of additional features. The service is also relatively cheap, with a price that ranged from US$75 per week to $200 per month.
It can arrive on a system through different delivery techniques, such as exploit kits, phishing, and bundling with other malware. In this blog entry, we investigate campaigns that used the exploit kits Fallout and Rig, where we also observed its use of Google Drive as part of its evasion tactics.