Raccoon infostealer is one of a breed of so-called ‘infostealer’ malware that targets web browsers and steals the information they store on your computer, such as login usernames and passwords, details of sites you’ve visited and searches you’ve done, and even financial details if they are stored by your web browser. In Raccoon infostealer’s case, it’s targeted at Windows PCs. However, there are other infostealers that are targeted at Macs. So, learning about how Raccoon infostealer malware works and what you can do to protect against it is important and will help you deal with other infostealers if you encounter them.

What is Raccoon infostealer malware?

Raccoon infostealer is malware that was first detected in 2019. It’s sold on dark web forums as malware-as-a-service (MaaS), with a weekly or monthly fee for its use. It’s targeted at Windows systems, and once deployed on a system, it targets browser autofill passwords, history, cookies, credit cards, usernames, passwords, cryptocurrency wallets, and other sensitive data. It has infected hundreds of thousands of systems since it was first released and is one of the most widely discussed malware tools on dark web forums. In addition to targeting browser data, it has custom modules that target cryptocurrency applications, password managers, email clients, and other applications. Some versions of Raccoon can also act as a ‘man in the middle’ between the host system and the internet, stealing data that passes over that connection.

The Raccoon infostealer network temporarily closed down in 2022 but returned later that year. And in October 2022, one of the alleged hackers behind the malware was indicted by a US Grand Jury on charges of conspiracy to violate the Computer Fraud and Abuse Act, having previously faked his own death.

How does Raccoon infostealer malware work?

The first thing to say is that Raccoon is designed specifically to work on Windows systems. However, there are very similar infostealers that target Macs. Raccoon uses the process injection technique to hijack legitimate browser processes and create new ones that target cache files, steal the data from them, and send it back to a host server. It also targets the SQLite database used by web browsers and steals autofill passwords, credit card data, cookies, and browser history. Although Raccoon encrypts the data it steals, it doesn’t use sophisticated antidetection techniques, so it can be picked up by good IT security tools.
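As an added example (not from the original article or any vendor's product), here is a defender's check for the behaviour described above: a non-browser process reading several browser data stores. The event format, the allowlist, and the sample events are constructed assumptions; the store file names are the standard ones used by Chromium-based browsers and Firefox.

```python
import ntpath
from collections import defaultdict

# Standard per-profile store names (Chromium: SQLite files; Firefox: as listed).
SENSITIVE_STORES = {
    "login data": "saved passwords",
    "web data": "autofill / cards",
    "cookies": "cookies",
    "history": "history",
    "logins.json": "saved passwords",
    "cookies.sqlite": "cookies",
    "places.sqlite": "history",
}

# Assumption: executables that are expected to open these files.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

# Constructed file-access telemetry: (pid, process image, file opened).
CHROME = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
FIREFOX = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x.default"
DROPPED = r"C:\Users\alice\AppData\Local\Temp\setup_x.exe"
EVENTS = [
    (4120, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     CHROME + r"\Login Data"),
    (7788, DROPPED, CHROME + r"\Login Data"),
    (7788, DROPPED, CHROME + r"\Cookies"),
    (7788, DROPPED, FIREFOX + r"\places.sqlite"),
    (3300, r"C:\Program Files\BackupTool\backup.exe", CHROME + r"\History"),
    (7788, DROPPED, r"C:\Users\alice\Documents\history"),
]

def find_suspicious_readers(events):
    """Return {(pid, image): [data kinds]} for non-browser processes
    that opened two or more kinds of browser data store."""
    hits = defaultdict(set)
    for pid, image, path in events:
        name = ntpath.basename(path).lower()
        # Only count files that sit under a user profile's AppData tree.
        if name not in SENSITIVE_STORES or "\\appdata\\" not in path.lower():
            continue
        if ntpath.basename(image).lower() in BROWSER_IMAGES:
            continue
        hits[(pid, image)].add(SENSITIVE_STORES[name])
    # One store may be a backup or AV scan; several kinds is the stealer pattern.
    return {p: sorted(k) for p, k in hits.items() if len(k) >= 2}

if __name__ == "__main__":
    for (pid, image), kinds in find_suspicious_readers(EVENTS).items():
        print(f"pid {pid} {image} read: {', '.join(kinds)}")
```

Because the check keys on the process image name, it will not catch access made from inside a hijacked browser process, so it complements rather than replaces tooling that detects process injection.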

Once the data has been stolen, it can then be used by the hackers to target bank accounts and credit card accounts or to impersonate the user from whom it has been stolen. More likely, the data will be sold to multiple different parties, who will each use it to commit theft and fraud.

What infostealers target Macs?

One infostealer that targets Macs and was discovered in 2023 is Atomic. It is distributed on Telegram with a subscription fee that is reported to be $1,000/month. For that, hackers get a dmg file that contains malware designed to attack the data held in the Mac’s keychain, including usernames, passwords, and sensitive financial data. It also targets cryptocurrency extensions and wallets. The important thing is that while Raccoon itself may not target Macs, there are plenty of other infostealers and more appearing all the time. So, it’s important to be vigilant in order to protect your data.

How to protect against infostealers

Like a lot of malware, infostealers like Raccoon and Atomic rely on a user downloading malware to their computer. There are lots of different ways hackers can do this, including phishing emails and messages, fake downloads, and other scams that involve persuading the user to download a file. The advice is always to be vigilant:

  • Never click a link unless you are certain where it leads.
  • Never download software unless you are certain the site you are downloading it from is legitimate.
  • Don’t respond to pop-ups telling you that software needs to be updated or that your Mac is infected.
  • Don’t ignore warnings from macOS telling you that something you are trying to install is from an unidentified developer.

How to check whether your Mac has been infected with malware

One way to check whether your Mac has been infected with malware and to remove it is to use a dedicated Mac antimalware tool. Another is to use a tool that, as well as checking for and removing malware, can also free your Mac from junk files, help you keep it running smoothly, and make it easy to maintain regularly. CleanMyMac X has all those tools as well as a malware detection and removal module. You can use it to manually scan your Mac for malware, and it will check files it detects against a database of known malware. You can also configure it to check your Mac in the background on a regular basis and alert you if it finds anything. If it does find malware, you can remove it with a click. You can download CleanMyMac X for free here.


Raccoon infostealer is a nasty piece of malware that is sold on the dark web on a subscription basis. Once deployed and installed on a target PC, it can steal sensitive data like browser autofill passwords, history, and cookies, credit cards, usernames, passwords, and cryptocurrency wallets. It is also able to hack cache files from some password managers. Raccoon itself isn’t targeted at Macs, but there are infostealers, including Atomic, that are. So, you should be careful about which links you click and what software you download onto your Mac, as always. If you’re worried about malware on your Mac, you can use CleanMyMac X to scan it and remove anything it finds.