That’s quite a track record for a piece of malware dismissed by some for having a relatively limited feature set. Despite the reputation issues, Raccoon is a reliable niche weapon that offers a way for nontechnical attackers to get up and running quickly. That’s a big change from the recent past when the biggest risks came from perpetrators who were often more technically advanced than
What’s more, anecdotal testimonials given by traffickers in the underground community suggest that Raccoon’s development team provides reliable customer service. Researchers describe the operation as responsive, with quick replies to questions and comments on underground forums.
It’s still unclear who or what group is behind Raccoon. But there are possible clues about its origins. Once installed, Raccoon connects to a command-and-control server that steals information from the victim machine – but not if it detects that the device’s language settings are set to some Eastern European languages. If Raccoon finds a match, the malware will abort.
Raccoon doesn’t include a keylogger – for now, though that may soon change. Raccoon’s development team has responded to forum requests with hints that they may include a keylogging feature in the near future.