{
	"id": "9472332d-448c-4c74-a980-3f35254e9a30",
	"created_at": "2026-04-06T00:19:25.741723Z",
	"updated_at": "2026-04-10T03:21:59.185026Z",
	"deleted_at": null,
	"sha1_hash": "b3d0d27577e7ac9d581d5f578cbe44bb18e49507",
	"title": "Raccoon Stealer malware suspends operations due to war in Ukraine",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3523293,
	"plain_text": "Raccoon Stealer malware suspends operations due to war in Ukraine\r\nBy Lawrence Abrams\r\nPublished: 2022-03-25 · Archived: 2026-04-05 14:17:30 UTC\r\nThe cybercrime group behind the development of the Raccoon Stealer password-stealing malware has suspended its\r\noperation after claiming that one of its developers died in the invasion of Ukraine.\r\nRaccoon Stealer is an information-stealing trojan distributed under the MaaS (malware-as-a-service) model for $75/week or\r\n$200/month. Threat actors who subscribe to the operation will get access to an admin panel that lets them customize the\r\nmalware, retrieve stolen data (aka logs), and create new malware builds.\r\nThe malware is very popular among threat actors as it can steal a wide variety of information from infected devices,\r\nincluding stored browser credentials, browser information, cryptocurrency wallets, credit cards, email data, and other data\r\nfrom numerous applications. \r\nhttps://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-suspends-operations-due-to-war-in-ukraine/\r\nRaccoon Stealer operation suspended\r\nAs first spotted by security researcher 3xp0rt, the threat actors behind the Raccoon Stealer posted today to Russian-speaking\r\nhacking forums that they are suspending their operation after one of their core developers was killed in the invasion of\r\nUkraine.\r\n\"Dear Clients, unfortunately, due to the \"special operation\", we will have to close our project Raccoon Stealer.\r\nThe members of our team who are responsible for critical moments in the operation of the product are no longer\r\nwith us. 
\r\nWe are disappointed to close our project, further stable operation of the stealer is physically impossible.\"\r\nRaccoon Stealer operation suspending operations\r\nSource: 3xp0rt\r\nHowever, it does not appear that they will be gone forever, as they state that they plan to rebuild the lost components and\r\nrelaunch in a few months.\r\nWith the closure of Raccoon Stealer, 3xp0rt told BleepingComputer that threat actors are now moving to the Mars Stealer\r\noperation, which offers a service similar to Raccoon's.\r\nAccording to a post on the Russian-speaking XSS hacking forum, the 'MarsTeam' has been overwhelmed with requests since\r\nRaccoon announced they are shutting down, making it difficult to respond to everyone.\r\nThreat actors switching to Mars Stealer\r\n3xp0rt says that we should expect a surge of Mars Stealer campaigns shortly, as threat actors move to the service, which\r\noperates similarly to Raccoon.\r\nUkraine has an active cybercrime community\r\nThe invasion of Ukraine has had a significant impact on cybercrime and the hacking underground, with many threat actors\r\nresiding in the country and publicly taking sides in the war.\r\nA representative of the now-defunct Maze ransomware operation recently released the master decryption keys for past\r\nvictims on BleepingComputer's forums.\r\nIn a conversation with the Maze representative who leaked the keys, BleepingComputer was also told that he is Ukrainian\r\nand was arrested by the Ukrainian police.\r\nThe recent 'Conti Leaks' of internal chats, source code, and the doxing of TrickBot and Conti ransomware members were\r\ndirectly caused by the criminal operations taking sides with Russia and upsetting Ukrainian threat actors and researchers.\r\nLaw enforcement has also been very active over the past year, arresting numerous threat actors [1, 2, 3, 4, 5, 6] residing 
in\r\nUkraine.\r\nSource: https://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-suspends-operations-due-to-war-in-ukraine/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-suspends-operations-due-to-war-in-ukraine/"
	],
	"report_names": [
		"raccoon-stealer-malware-suspends-operations-due-to-war-in-ukraine"
	],
	"threat_actors": [],
	"ts_created_at": 1775434765,
	"ts_updated_at": 1775791319,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b3d0d27577e7ac9d581d5f578cbe44bb18e49507.pdf",
		"text": "https://archive.orkl.eu/b3d0d27577e7ac9d581d5f578cbe44bb18e49507.txt",
		"img": "https://archive.orkl.eu/b3d0d27577e7ac9d581d5f578cbe44bb18e49507.jpg"
	}
}