Date: 2020-05-15

SonicWall Capture Labs Threat Research Team has recently unearthed a new variant of Raccoon stealer (V1.5). It has been used in a malicious COVID-19 campaign. Similar to several other attacks, this campaign also begins with a phishing mail purporting to carry information on how to deal with the outbreak of Covid-19. The mail then encourages users to open the attached file "COVID-19 stop.zip" to get more details.

The zip file contains a Microsoft document in Office Open XML format. When opened, the document attempts to trick the user into enabling editing and enabling content, supposedly to update Windows and fix the application. The document carries embedded malicious macro code that executes when macro content is enabled.
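For triage of an attachment like the one described above, the following added example (not code from SonicWall's report) unpacks a zip in memory and flags any Office Open XML document inside it that carries a VBA project or a macro-enabled content type. The file names and the minimal packages it builds are constructed stand-ins, not the campaign's actual files.

```python
import io
import zipfile

# Content-type substrings that mark VBA-bearing parts in an OOXML package.
MACRO_MARKERS = (b"macroEnabled", b"vnd.ms-office.vbaProject")

def macro_indicators(doc_bytes):
    """Return macro indicators found in one OOXML package (empty if none)."""
    if not zipfile.is_zipfile(io.BytesIO(doc_bytes)):
        return []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as doc:
        names = doc.namelist()
        if "[Content_Types].xml" not in names:
            return []  # a zip container, but not an OOXML document
        hits = [n for n in names if n.lower().endswith("vbaproject.bin")]
        types = doc.read("[Content_Types].xml")
        return hits + [m.decode() for m in MACRO_MARKERS if m in types]

def scan_attachment(zip_bytes):
    """Map each macro-bearing document in a zip attachment to its indicators."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir():
                continue
            hits = macro_indicators(outer.read(info))
            if hits:
                findings[info.filename] = hits
    return findings

def make_doc(with_macro):
    """Build a constructed, minimal OOXML-like package; it holds no real VBA."""
    kind = "ms-word.document.macroEnabled" if with_macro else "constructed.plain"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", '<Types><Override PartName='
                   f'"/word/document.xml" ContentType="application/vnd.{kind}.main+xml"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"PLACEHOLDER")
    return buf.getvalue()

def build_sample_attachment():
    """Constructed stand-in for a zip attachment: one macro doc, one clean doc."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("constructed_macro.docm", make_doc(True))
        z.writestr("constructed_clean.docx", make_doc(False))
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_attachment(build_sample_attachment()))
```

The check keys on package structure rather than the file extension, so a macro-bearing document is flagged regardless of what it is named. Password-protected archives cannot be read this way and need separate handling.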

Raccoon targets an extensive range of applications and needs specific libraries for each application to extract and decrypt the credentials. The malware searches the victim's machine and extracts recent data for keywords specified in the mask field, such as international bank account, account, CVV, CVC, credentials, passwords, and even cryptocurrency wallets, such as Ethereum and Bitcoin. It also pulls out recent files with the extensions .pdf, .txt, .rtf and .doc. The malware has been found to target browser applications such as Google Chrome, Chromium, 360 Browser and UC Browser, amongst many others.

Debasish Mukherjee, VP, Regional Sales - APAC at SonicWall, says: "With increasing distress in society as a consequence of the Covid-19 pandemic, cyber attackers are creating similar sounding malware to infect devices. Cybercriminals known for their disruptive attacks are becoming innovative and are looking at novel methods to invade IT infrastructures. As cyber attackers create chaos, it becomes imperative for a cybersecurity provider like us to keep pace with innovation and offer boundless cybersecurity."