Raccoon Stealer
Raccoon Stealer 是什么?
Raccoon StealerA long-running malware-as-a-service info-stealer first seen in 2019; its operator was arrested in 2022 and the project was restarted as Raccoon v2, then progressively eclipsed by Lumma and RedLine.
Raccoon Stealer is a malware-as-a-service info-stealer first observed in 2019, originally written in C/C++ and rented to affiliates on Russian-speaking forums for a flat monthly fee. It collected browser passwords, cookies, autofill, crypto-wallet files, FTP and email credentials, screenshots, and host details, and was among the top-three commodity stealers globally through 2020–2021. In March 2022 the operation paused after the FBI and Dutch national police arrested its alleged developer Mark Sokolovsky and seized infrastructure. A v2 (Raccoon v2 / RecordBreaker) re-launched in mid-2022 with a faster C++ rewrite, but by 2024 the project had largely been displaced by Lumma, RedLine, and StealC. Distribution leaned heavily on cracked software, malvertising, exploit kits, and Discord links. Raccoon's takedown is often cited as a case study in how arresting a single Russian-speaking operator can suppress but not eliminate a malware family.
● 示例
- 01
A 2021 Raccoon affiliate purchases a one-month license and distributes it via cracked Adobe installers, harvesting a few thousand browser logs per day.
- 02
FBI and Dutch police arrest Raccoon's alleged developer in March 2022; the project resumes as Raccoon v2 a few months later, then declines as competitors take share.
● 常见问题
Raccoon Stealer 是什么?
A long-running malware-as-a-service info-stealer first seen in 2019; its operator was arrested in 2022 and the project was restarted as Raccoon v2, then progressively eclipsed by Lumma and RedLine. 它属于网络安全的 恶意软件 分类。
Raccoon Stealer 是什么意思?
A long-running malware-as-a-service info-stealer first seen in 2019; its operator was arrested in 2022 and the project was restarted as Raccoon v2, then progressively eclipsed by Lumma and RedLine.
Raccoon Stealer 是如何工作的?
Raccoon Stealer is a malware-as-a-service info-stealer first observed in 2019, originally written in C/C++ and rented to affiliates on Russian-speaking forums for a flat monthly fee. It collected browser passwords, cookies, autofill, crypto-wallet files, FTP and email credentials, screenshots, and host details, and was among the top-three commodity stealers globally through 2020–2021. In March 2022 the operation paused after the FBI and Dutch national police arrested its alleged developer Mark Sokolovsky and seized infrastructure. A v2 (Raccoon v2 / RecordBreaker) re-launched in mid-2022 with a faster C++ rewrite, but by 2024 the project had largely been displaced by Lumma, RedLine, and StealC. Distribution leaned heavily on cracked software, malvertising, exploit kits, and Discord links. Raccoon's takedown is often cited as a case study in how arresting a single Russian-speaking operator can suppress but not eliminate a malware family.
如何防御 Raccoon Stealer?
针对 Raccoon Stealer 的防御通常结合技术控制与运营实践,详见上方完整定义。
Raccoon Stealer 还有哪些其他名称?
常见的别称包括: Raccoon, RecordBreaker。
● 相关术语
- malware№ 591
信息窃取木马
一种从受感染设备中收集凭据、Cookie、令牌、加密钱包等敏感数据并外传给攻击者的恶意软件。
- malware№ 254
凭据窃取程序
专门用于从受感染系统或其内存中提取密码、哈希和认证令牌的恶意软件。
- malware№ 708
Lumma Stealer
A subscription-priced Russian-speaking malware-as-a-service info-stealer that emerged in 2022 and became one of the top-three stealers worldwide by 2024, distributed primarily via ClickFix lures and crack sites.
- malware№ 1014
RedLine Stealer
A subscription Windows info-stealer that dominated 2020–2023 cybercrime markets, harvesting browser secrets, crypto wallets, and FTP/VPN credentials; its infrastructure was disrupted by Operation Magnus in October 2024.
- malware№ 1329
Vidar Stealer
A long-running C++ Windows info-stealer derived from the older Arkei family, active since 2018 and still distributed in 2024–2025 via cracks, malvertising, and ClickFix lures.
- malware№ 1006
勒索软件即服务(RaaS)
一种犯罪商业模式,勒索软件运营者将其恶意软件和基础设施租赁给执行攻击的关联方(affiliate),并按比例分成。