Vitali Kremez, CEO of threat intelligence company Advanced Intelligence, and James Maude, lead cyber-security researcher at security firm BeyondTrust, said that, based on the format of the “bot_ID” field assigned to each infected host, the server was collecting data from users infected with version 1.7.2 of the RaccoonStealer malware.
Malware Group Leaks Millions of Stolen Authentication Cookies