VANTAPRISM

Live Threat Pulse: 2,847 threats detected in last 24h

menu_book Malware Family

Raccoon Stealer

Also known as: Raccoon, Raccoon infostealer

Raccoon Stealer is a malware-as-a-service infostealer that harvests passwords, cookies, autofill data, and cryptocurrency wallets from infected systems. It gained notoriety for its low price and ease of use, making credential theft accessible to non-technical criminals.

What is Raccoon Stealer?

Raccoon Stealer is an infostealer first sold around 2019 on a subscription basis. Its appeal was simplicity: an easy-to-use control panel and a low monthly fee made it popular with criminals who lacked technical skills. It collects the standard infostealer dataset — credentials, cookies, autofill, cards, and crypto wallets — and supports downloading additional malware.

History and disruption

Raccoon's operations were disrupted by law-enforcement action, and the project went through pauses and relaunches (a "Raccoon v2" followed earlier versions). Its history illustrates a recurring pattern in the stealer economy: even after takedowns, demand and rebranded successors keep families circulating.

Why Raccoon matters

Because Raccoon lowered the barrier to entry for credential theft, it contributed a large volume of stealer logs into criminal marketplaces. Credentials harvested by Raccoon have been linked to downstream account takeover and intrusion activity.

How VantaPrism Tracks Raccoon Stealer

VantaPrism retains and indexes historical Raccoon stealer logs alongside current families, so analysts can search for legacy exposures that may still be valid and trace how long a credential has been circulating.

Check Your Exposure arrow_forward

Frequently Asked Questions

Is Raccoon Stealer still operational?

expand_more
Raccoon has been disrupted by law enforcement and has gone through relaunches. Even during downtime, previously stolen Raccoon logs continue to circulate and can remain valid.

What made Raccoon Stealer popular?

expand_more
Its low subscription price and simple control panel made credential theft accessible to criminals without technical expertise.

Related Terms

Infostealer Malware arrow_outward

Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…
Stealer Logs arrow_outward

A stealer log is the package of data exfiltrated from a single device by infostealer malware. It typically contains s…
RedLine Stealer arrow_outward

RedLine Stealer is an information-stealing malware (infostealer) sold as malware-as-a-service that harvests saved bro…
Malware-as-a-Service (MaaS) arrow_outward

Malware-as-a-service (MaaS) is a criminal business model in which malware authors rent or sell their software, infras…
Account Takeover (ATO) arrow_outward

Account takeover (ATO) is when an attacker gains unauthorized control of a legitimate user account, typically using s…
← All Glossary Terms Last reviewed: June 2026