We are talking about infostilere Raccoon, which steals data from more than 50 popular browsers kriptovalyutnyh purses and mail clients.
The stealer itself began to gain popularity in 2019 and has already infected over a million devices. And in February of this year, the creator’s computer was infected.
Presumably, this was done to test the new functions of the stealer for extracting passwords from Google Chrome. But all the same, the data was compromised and got to be tracked by specialists from Hudson Rock on the platform Cavalier.
They found a spoofed real IP address on18.104.22.168which stands for DNS from Cloudflare. Several email addresses were also found.
According to the collected data, the developer is Russian-speaking. This is indicated by the visit logs of the Russian-language cybersecurity forum, as well as the malware settings.
If it determines that the system uses Russian, Ukrainian, Belarusian, Kazakh, Kyrgyz, Armenian, Tajik or Uzbek, it will immediately stop working.