Infostealer
Raccoon Stealer
aka Raccoon · RecordBreaker (v2)
A popular malware-as-a-service infostealer that harvested credentials and crypto wallets at scale, was disrupted in 2022 and later relaunched.
Raccoon Stealer is a subscription infostealer sold as a service since 2019. For a modest monthly fee, affiliates received a stealer that grabs saved passwords, cookies, autofill, payment cards and cryptocurrency wallets, plus a panel to manage stolen "logs."
Disruption and return
In 2022 the operation paused after a key developer was arrested, and the US DOJ announced a disruption. It returned as v2 (RecordBreaker) with a rewritten backend — illustrating how resilient the infostealer market is. Campaign data is on Cyber Breaches.
Distribution
Raccoon spreads through cracked software, fake installers and malvertising. A config-extraction walkthrough lives on the Reverse Engineering Hub.
Defense
Block untrusted executables, enforce phishing-resistant MFA, and expire sessions to devalue stolen cookies.