Data Allegedly Stolen from Royal Mail, Samsung Supplier


Alon Gal, co-founder and CTO of infosec outfit Hudson Rock, believes the allegedly stolen data originated from a Raccoon infostealer infection, a type of Windows malware that extracts sensitive information from compromised systems. The attack reportedly targeted Spectos in 2021, resulting in the theft of at least one set of employee credentials.

Source: The Register

You Should Know: Analyzing Raccoon Infostealer & Protecting Systems

What is Raccoon Infostealer?

Raccoon is a malware-as-a-service (MaaS) infostealer that harvests:

  • Browser credentials (Chrome, Firefox, Edge)
  • Saved credit card details
  • Cryptocurrency wallet data
  • FTP & email client credentials
  • System information

Detecting Raccoon Infections

Use these Windows & Linux commands to check for suspicious activity:

Windows Commands:

# Check running processes for executables launched from user-writable locations
Get-Process | Where-Object { $_.Path -like "*\AppData\*" -or $_.Path -like "*\Temp\*" }

# List established network connections together with the owning process ID
netstat -ano | findstr "ESTABLISHED"

# Check scheduled tasks registered at the task root (a common persistence location)
Get-ScheduledTask | Where-Object { $_.TaskPath -eq "\" }

Linux Commands (if analyzing logs from infected Windows machines):

# Search for IPv4 addresses in logs (dots escaped so they match literally)
grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}' /var/log/syslog

# Check for unauthorized SSH access (local console logins are hidden)
last -i | grep -v "0.0.0.0"

# Monitor real-time network traffic on the ports commonly used for exfiltration
sudo tcpdump -i any -n 'port 443 or port 80'

Mitigation Steps

1. Reset all credentials stored in browsers.

2. Enable Multi-Factor Authentication (MFA) on critical accounts.

3. Scan with anti-malware tools:

  • Windows Defender (full scan; use Start-MpWDOScan for an offline scan):
    Start-MpScan -ScanType FullScan

  • Linux (ClamAV):
    sudo apt install clamav
    sudo freshclam
    sudo clamscan -r /home

4. Block known Raccoon C2 servers using firewall rules.

What Undercode Say

Raccoon infostealer remains a severe threat due to its ease of deployment and data exfiltration capabilities. Enterprises should:
– Regularly audit logs for unusual activity.
– Deploy Endpoint Detection & Response (EDR) solutions.
– Educate employees on phishing risks.
– Use YARA rules to detect Raccoon signatures in memory:

// Illustrative strings only: a generic token such as "C2" will also match benign data,
// so tune the strings against real samples before deploying this rule.
rule Raccoon_Infostealer {
    strings:
        $s1 = "raccoon" nocase
        $s2 = "C2" wide
    condition:
        any of them
}

For incident responders, analyzing Windows Registry and Prefetch files can reveal traces of Raccoon:

reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /s
dir C:\Windows\Prefetch\*.pf
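As an added example (not part of the original post), the following Python script parses the text produced by the `reg query ... Run /s` command above, as collected from a suspect host, and scores each autorun entry with the same path heuristics the detection section relies on (user-writable directories, system binary names outside the Windows directory, signed loaders pulling payloads from user folders). The sample dump, score weights and name lists are constructed for illustration and are not Raccoon indicators.

```python
import re

# Constructed sample, not real telemetry: output of
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /s
# collected from a suspected host and copied to the analyst's workstation.
RUN_KEY_DUMP = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\jdoe\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    C:\Users\jdoe\AppData\Roaming\svchost.exe
    Sync        REG_SZ    rundll32.exe C:\Users\jdoe\AppData\Local\Temp\lib.dll,Start
    Sticky      REG_SZ    "C:\Program Files\Vendor\sticky.exe"
"""

USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.I)
# Windows binaries that legitimately live only under C:\Windows (System32/SysWOW64).
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
# Signed utilities routinely abused to load DLLs or scripts from user directories.
LOADERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
ENTRY_RE = re.compile(r"^\s*(\S.*?)\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$")

def first_token(command: str) -> str:
    """Return the program launched by an autorun command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]

def score_command(command: str) -> tuple[int, list[str]]:
    """Heuristic score for one autorun command; a score of 2 or more merits review."""
    score, reasons = 0, []
    exe = first_token(command)
    base = exe.rsplit("\\", 1)[-1].lower()
    in_user_dir = USER_WRITABLE.search(command) is not None
    if in_user_dir:
        score += 1; reasons.append("runs from a user-writable directory")
    if base in SYSTEM_NAMES and "\\windows\\" not in exe.lower():
        score += 2; reasons.append(f"{base} outside the Windows directory")
    if base in LOADERS and in_user_dir:
        score += 2; reasons.append(f"{base} loading a payload from a user directory")
    return score, reasons

def triage_run_keys(dump: str) -> dict[str, tuple[int, list[str]]]:
    """Parse `reg query ... /s` output and map each value name to (score, reasons)."""
    results = {}
    for line in dump.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            results[m.group(1)] = score_command(m.group(2))
    return results

if __name__ == "__main__":
    for name, (score, why) in triage_run_keys(RUN_KEY_DUMP).items():
        print(f"{'SUSPICIOUS' if score >= 2 else 'low':10} {name:10} score={score} {'; '.join(why)}")
```

Note that the legitimate OneDrive entry also sits under AppData and scores 1, which is why a bare "AppData" match from the Get-Process check above is a lead to investigate rather than a verdict.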

A comprehensive security response including log analysis, malware scanning, and credential rotation is critical to mitigating Raccoon infostealer infections. Stay vigilant against evolving infostealer campaigns.

Reference: The Register

References:

Reported By: Hudson Rock – Hackers Feeds
