Raccoon Stealer Malware Returns With New Stealthier Version

Cyber Security Threat Summary:
The resurgence of the Raccoon Stealer malware is marked by the release of version 2.3.0 after a 6-month hiatus. Raccoon Stealer is a well-known information-stealing malware that has been active since 2019, offered to threat actors through a subscription model at $200 per month. The malware targets over 60 applications to collect sensitive data such as login credentials, credit card details, browsing history, cookies, and cryptocurrency wallets.

The project faced uncertainty when its primary author, Mark Sokolovsky, was arrested in the Netherlands in October 2022, leading to the takedown of the malware's infrastructure by the FBI. However, the developers have returned with renewed efforts, introducing new features based on customer feedback and cybercrime trends to enhance the user experience and maintain their position in the info-stealers market.

The new version, 2.3.0, brings "quality of life" and operational security (OpSec) improvements. These include a quick search tool, automated deletion of suspicious activities, and a reporting system to block IPs used by security researchers. A Log Stats panel provides users with a comprehensive overview of their operations, targeted regions, and breached computers (BleepingComputer, 2023).

Security Officer Comments:
The return of Raccoon Stealer in version 2.3.0 shows that its operators are adaptable and financially motivated. The malware is used to steal large volumes of data, and despite the arrest of its author and the takedown of its infrastructure, the developers have returned and are adding new capabilities. The improvements make the software more effective for its customers and harder for defenders and researchers to disrupt. The theft of cookies is especially concerning, since stolen session cookies can be used to bypass security controls. The lesson is that organizations need strong, layered security to counter these evolving techniques.

Suggested Correction(s):
To protect against Raccoon Stealer and all infostealers, password managers should be used instead of storing credentials in the browser. Furthermore, multi-factor authentication should be enabled on all accounts, and users should avoid downloading executables from dubious websites even when redirected there from legitimate sources such as Google Ads, YouTube videos, or Facebook posts.

Link(s):
https://www.bleepingcomputer.com/