Investigators from Microsoft's Digital Crimes Unit (DCU) have disrupted the network behind the dangerous RaccoonO365 infostealer malware that targeted the usernames and credentials of Office 365 users after being granted a court order in the Southern District of New York. The operation saw a total of 338 websites linked to the popular malware seized and its technical infrastructure disrupted, severing RaccoonO365 users' access to their victims.
According to Mosyle's analysis, ModStealer is being delivered to victims through malicious job recruiter ads targeting developers. It uses a heavily obfuscated JavaScript file written with NodeJS that remains completely undetectable by signature-based defenses. And this one isn't just targeting Mac users either; Windows and Linux environments are also at risk. The malware's main goal is data exfiltration, with a particular focus on cryptocurrency wallets, credential files, configuration details, and certificates.