The credential-stealing Raccoon Stealer is spotted using the chat app to store and update C2 addresses as adversaries find creative new ways to distribute the malware. The cybercriminals are attempting to evade detection by packing the credential stealer, using Themida or malware packers. Experts think that the developers of this malware will continue to add new features to it to make it efficient.