A new threat entices users to download malware by masquerading as a “Privacy Tools” service that offers a tool which “encrypts” user data using a zip-like utility. The fake website looks professional and contains detailed descriptions of the alleged service, including step-by-step instructions on how to download the privacy tools, which turn out to be malware. The initial payload was identified as Smoke Loader, a popular downloader that is available on easily accessible forums for buying and selling malware and is used by multiple threat actors.

The malware subsequently installs follow-on data-stealing malware, including Raccoon Stealer. Raccoon Stealer gathers information about the machine, such as the OS architecture and version, system language, hardware information, and installed applications. In addition, it can take screenshots from the user’s machine if that is enabled in the attacker’s configuration. After exercising all of its stealing capabilities, Raccoon gathers all the files that it wrote to the temp folder into one zip file named Log.zip. It then only has to send the zip file back to the C&C server and delete all traces of itself.
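
A detection-side sketch of the sequence described above (an archive named Log.zip written to a temp folder, followed by an outbound connection and self-cleanup), added here as an example and not taken from the original write-up. The event schema, process names, paths, PIDs and the address are constructed assumptions, not real telemetry or indicators.

```python
import ntpath

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

def is_temp_log_zip(path):
    """True for a file named Log.zip located under a Windows temp folder."""
    p = path.lower()
    return ntpath.basename(p) == "log.zip" and any(m in p for m in TEMP_MARKERS)

def find_staging_chains(events):
    """Map pid -> ordered stages for processes that write Log.zip to a temp
    folder and afterwards connect out and/or delete the archive or themselves."""
    state = {}
    for e in sorted(events, key=lambda e: e["t"]):
        stages = state.setdefault(e["pid"], [])
        kind, target = e["type"], e["target"]
        if kind == "file_create" and is_temp_log_zip(target):
            stage = "staged"
        elif "staged" not in stages:
            continue  # activity before staging is not part of the chain
        elif kind == "net_connect":
            stage = "outbound"
        elif kind == "file_delete" and (
            is_temp_log_zip(target) or target.lower() == e["image"].lower()
        ):
            stage = "cleanup"
        else:
            continue
        if stage not in stages:
            stages.append(stage)
    # Staging alone is weak evidence; require at least one follow-on stage.
    return {pid: s for pid, s in state.items() if len(s) >= 2}

def ev(t, pid, image, type_, target=""):
    return {"t": t, "pid": pid, "image": image, "type": type_, "target": target}

# Constructed events (hypothetical schema); paths, PIDs and the address are made up.
TMP = r"C:\Users\a\AppData\Local\Temp"
SAMPLE_EVENTS = [
    ev(0, 4120, TMP + r"\svc.exe", "net_connect", "203.0.113.10:80"),
    ev(1, 4120, TMP + r"\svc.exe", "file_create", TMP + r"\sysinfo.txt"),
    ev(2, 4120, TMP + r"\svc.exe", "file_create", TMP + r"\Log.zip"),
    ev(3, 4120, TMP + r"\svc.exe", "net_connect", "203.0.113.10:80"),
    ev(4, 4120, TMP + r"\svc.exe", "file_delete", TMP + r"\svc.exe"),
    ev(5, 5000, r"C:\Program Files\7-Zip\7z.exe", "file_create", r"C:\Users\a\Documents\Log.zip"),
    ev(6, 7000, r"C:\Tools\backup.exe", "file_create", TMP + r"\Log.zip"),
]

if __name__ == "__main__":
    print(find_staging_chains(SAMPLE_EVENTS))
```

The file name alone is easy for an operator to change, so a match on this chain is a triage lead to correlate with other evidence rather than a verdict.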