Don’t click on dodgy links…:
Criminals behind malware dubbed Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The technique has been used in a recent campaign targeting financial institutions via business email compromise (BEC) attacks.
According to a Cofense report posted Thursday, the malware is delivered inside an .IMG file hosted on a hacker-controlled Dropbox account.
“Using the familiar theme of a wire transfer—closely akin to those often seen in business email compromise scams—the threat actors look to trick users into opening the Dropbox URL and downloading the malicious file,” wrote Cofense authors Max Gannon and Alan Rainer.
What makes the Raccoon Stealer interesting to researchers is that it is new, easy-to-use and under active development by the hackers behind it. Cofense said the malware was first spotted in April of 2019 and since then has been leveraged in several different campaigns.