
Raccoon


Also known as: Raccoon infostealer, Racealer, Raccoon stealer, Mohazo

Category: Malware

Type: Trojan, Spyware

Platform: Windows

Variants: Raccoon 2.3.0, Raccoon

Damage potential: Data theft, keylogging, system and file damage, privacy breaches, identity theft, and significant financial loss.


Raccoon is a well-known information-stealing trojan that primarily targets Windows devices. This trojan was first detected in 2019, with new variants coming out over the years. Raccoon follows a malware-as-a-service (MaaS) model, meaning hackers can purchase and use it for malicious operations. Raccoon steals various types of data — from browser autofill passwords to credit card details. The latest variants are stealthy, meaning they’re more difficult to detect than earlier versions.

Possible symptoms

The symptoms of a Raccoon infection are similar to those of other trojan infections. The updated 2022 version of Raccoon is stealthy, so it may evade antivirus detection.

Here are the possible signs of a Raccoon infection:

  • Slower system performance
  • Unexplained network traffic
  • Disabled security software
  • Unfamiliar processes running in the Task Manager
  • Unusually high CPU or network usage
  • Suspicious pop-ups, warnings, or notifications

Sources of the infection

Raccoon stealer may spread in many different ways, and the trojan moves fast once it infects a device. Here are some of the most common ways Raccoon spreads:

  • Cracked software. Free or cracked software may carry Raccoon or other malware, installing it on the user’s device without their knowledge.
  • Spam emails. Users may unknowingly download Raccoon by opening a malicious link or attachment in a phishing email.
  • Malicious toolkits. Cybercriminals may use malware distribution tools like the Rig Exploit Kit (RigEK) to spread Raccoon.
  • Software vulnerabilities. Some versions of Raccoon may exploit security vulnerabilities to infect a device.
  • Fake websites. Users may also accidentally download Raccoon from fraudulent websites that imitate legitimate businesses (such as anti-malware software vendors).


Hackers may infect your device with Raccoon in many ways. The most important thing is to remain cautious online and take the necessary steps to protect yourself.

  • Keep your software up to date. Raccoon may target security vulnerabilities in browsers, apps, and other software, so install updates when available.
  • Only download from trusted sites. If you’re getting new software or an app, download it from a trustworthy source (such as an official app store).
  • Use reliable anti-malware software. Protect your devices with reputable antivirus and anti-malware tools (downloaded from official websites).
  • Stay safe on email. Raccoon may spread via spam and phishing emails, so if you get an email that sounds off or looks suspicious, be cautious.
  • Browse with caution. Cybercriminals may also spread Raccoon through fake websites that look legitimate. If a URL looks suspicious, stay away from the website.
  • Use Threat Protection. For a safer online experience, use Threat Protection — NordVPN’s advanced cybersecurity feature that blocks malicious sites, intrusive trackers, and potentially harmful ads. Plus, it checks the files you download for malware.


Eliminating Raccoon from your device may prove challenging, especially if you’re dealing with the latest, stealthier version. However, the first step is disconnecting from the internet to prevent further communication with those behind the infection. Then, use reputable antivirus or anti-malware software to scan your device and follow the instructions to remove the trojan. To be safe, you may want to consult with an experienced IT professional — but beware of scam artists.