The doc attachment contacts a link, exploiting the Equation Editor vulnerability, and downloads an exe: the malware. Data is then exfiltrated via SMTP to an email address.
Fake free Starlink download spreads RaccoonStealer. The cybersecurity researcher “idclickthat” discovered a fake website with a link that downloads a rar with a “setup” exe inside: the malware.
Starlink is the new bait for a global RaccoonStealer campaign. The cybersecurity researcher “idclickthat” discovered it. A fake official website offers users a “free download” of the internet service. However, the rar file it delivers contains a “setup” exe: the malware. RaccoonStealer is a credential-stealing Trojan, advertised and sold on underground forums as malware-as-a-service (MaaS) for $75 a week or $200 a month, and it is sometimes distributed via the Rig Exploit Kit. It gathers personal information including passwords, browser cookies and autofill data, as well as cryptowallet details. Additionally, Raccoon Stealer records system information such as IP addresses and geo-location data.