top of page

Raccoon Stealer Malware: What You Need to Know


First making real headlines in 2019, the Raccoon Stealer malware originated on the Dark Web and quickly proliferated. This isn’t just because the sole perpetrator got busy, but because they’re able to sell subscriptions to buyers on the Dark Marketplace. Thanks to what’s known as malware-as-a-service, threat actors quickly overtook hundreds of thousands of devices.

Operations briefly ceased following the Russian invasion of Ukraine, or so the developers claimed. Reportedly one of their group members had been killed in the conflict and they ceased operations for several months. Raccoon Stealer went quiet.

Just three years after its initial discovery, though, Zscaler analysts indicate that a new version of the Raccoon Stealer malware is back with greater challenges for the machines it infects.

How It Works

This particular infection goes by several monikers. Also known as Legion, Mohazo and Racealer, it is actually a trojan which disguises itself as a benign file or program to convince you to download or click on the link. After it’s on your device, the hidden malware executes.

Cybercriminals who use Raccoon Stealer can also purchase logs of stolen information directly. Instead of launching the attack, they simply buy, for example, a bundle consisting of your Facebook login information. Then the purchaser can log on, blast phishing messages to all of your friends and even steal money or crypto funds.

Trojans rely on appearing like legitimate software, so you have to slow down and really assess new files before downloading them. In 2022, Trojans made up more than half of malware infections around the world.

Raccoon Stealer 2.0

Raccoon Stealer malware infects targeted machines to steal credentials from their users. The malware is capable of all kinds of malicious acts, such as…

  1. Targeting particular apps

  2. Recording fingerprint information

  3. Stealing passwords and log-in information, especially autofill data

  4. Stealing saved cards and cryptocurrency

  5. Viewing cookies, programs and more

  6. Access your downloaded programs, as well as all of their data

  7. Using hacked accounts for purchases

The new version that has been infecting machines in 2022 is much more effective at completing these awful goals. The new malware is written in a different programming language (C as opposed to C++) which is slightly smaller and therefore works faster, though lacking various features. However, this also happens to make it more efficient at committing theft than the first Raccoon Stealer malware.

The newer version is also capable of running on both 32- and 64-bit systems without dependencies. In summary, it’s a dangerous variant that is projected to grow more capable and remain a household name.


Regularly update your antivirus software to best protect yourself against the Raccoon Stealer trojan, as well as any other malware you might come up against in the future. Automated system scanners alert you instantly to suspicious activity, while Dark Web monitoring can tell you as soon as your PII (personal identifiable information) appears on the dark marketplace for cybercriminals like Raccoon Stealer subscribers to purchase.

Be on the lookout for new viruses and updated versions of old threats! Active monitoring, hardware upgrades and software updates, and antivirus software are just a few of the tools available to help guard your devices against cybercriminals.

Follow our blog for the latest tips in avoiding cybercriminal threats and remaining cyber-safe!


0 views0 comments


bottom of page