GOLD ROCOCO
Objectives
Tools
SUMMARY
GOLD ROCOCO is a financially motivated cybercriminal threat group that develops and operates the Raccoon Stealer Malware as a Service (MaaS). This service is leased on a monthly basis and marketed on underground forums to criminals who deploy it through fake browser updates, phishing, fake software installers, and other means. Raccoon Stealer is Windows-based malware that steals personal information, stored credentials, browser cookies, arbitrary files, and cryptocurrency wallets. It can also execute arbitrary commands and additional malware payloads on infected systems. GOLD ROCOCO has deployed Raccoon Stealer since at least August 2018 and switched to a MaaS payment model in February 2019. Operations temporarily ceased in March 2022 due to the seizure of crucial parts of its infrastructure and the arrest of developer and operator Mark Sokolovsky by authorities. GOLD ROCOCO resumed activity in June 2022 with the so-called version 2 of Raccoon Stealer.