Cybercrime: Microsoft strikes a blow against phishing Trojan RaccoonO365
Criminals are using the RaccoonO365 malware to obtain Microsoft 365 login data. 338 websites have now been taken offline in this context.
Microsoft's Digital Crime Unit (DCU) has reportedly achieved success against cybercriminals hunting for Microsoft 365 accounts. In the course of the action, it took 338 websites associated with the RaccoonO365 phishing Trojan offline.
Crimeware-as-a-Service
According to a report on the action, this has paralyzed a large part of the infrastructure; among other things, attackers no longer have access to victims' compromised PCs. Internally, Microsoft refers to the Trojan as Storm-2246.
The campaign is based on the RaccoonO365 malware. This is a phishing kit that criminals can rent. Among other things, the all-in-one package creates fraudulent emails and websites with Microsoft branding to trick victims into handing over their account data. The problem is that, according to the report, even beginners are said to be able to operate the kit, which makes the barrier to entry into cybercrime frighteningly low.
The DCU explains that the malware was sold in a group on the Telegram messenger. This group has more than 850 members, and the criminals are said to have made a profit of around 100,000 US dollars from the sale of RaccoonO365 so far. The criminals are said to act very professionally and even offer support for their customers, among other things.
Distribution
Microsoft states that RaccoonO365 has been used in 94 countries to hijack around 5,000 accounts since July 2024. The victims are primarily in the USA, including in the healthcare sector. It is not clear from the report whether the phishing campaign has been ended for good as a result of the successful strike.
(des)