The threat actors behind the Racoon Stealer malware announced they suspend operations after one of their core developers died in the invasion of Ukraine.
First spotted in 2019 and advertised as a ‘Malware-as-a-Service’ (MaaS) on various cybercriminal forums, Raccoon Stealer is the malware designed for data theft, including passwords, cookies and autofill from all popular browsers, CC data, system information, cryptocurrency wallets.
The gang’s announcement posted on a hacking forum was spotted by security researcher known online as “3xp0rt.”
“Dear Clients, unfortunately, due to the "special operation", we will have to close our project Racoon Stealer. The members of our team who are responsible for critical moments in the operation of the product are no longer with us. We are disappointed to close our project, further stable operation of the stealer is physically impossible,” the group wrote.
The gang, however, added that they don’t have any intention of abandoning the project and plan to return with a rewritten product in a few months.
With the Racoon Stealer MaaS out of business, threat actors are now switching to a similar service, Mars Stealer. According to a post on the Russian-speaking XSS hacking forum, the MarsTeam has been overwhelmed with requests, indicating that a rise in Mars Stealer campaigns should be expected in the near future.
Cybersecurity Help’s statement on the critical situation in Ukraine
On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable, political ambitions of any man aren’t worth of blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Слава Україні!