A good read about this type of infostealer in the wild, including targeting specific crypto wallets:
Raccoon targets 29 chromium-based browsers including Google Chrome, Opera, etc. (full list below) that have the same folder structure and share a similar codebase, which leads to a similar way of handling sensitive data. The sensitive data in those browsers is saved in the same format and the “User Data” application folder contains the SQLite databases. Most of the stealers, like Raccoon, perform SQL queries using sqlite3.dll in order to get the user autologin passwords, credit card information, cookies and browser history.
Hard to get around with this since everyone uses some chromium-based browsers.
The stealer also relies on the same methodology for Mozilla based applications. Because these applications have the same method and folder structure, the stealing techniques for the applications are the same. The only difference is the names. The stealer targets four Mozilla-based browsers including Firefox and SeaMonkey, (full list below) and one Mozilla-based email client, ThunderBird. For those applications, the stealer extracts and decrypts sensitive data like username and password, cookies and history. It is important to mention that Raccoon also supports an older version of Mozilla based applications – it supports Firefox versions <32, for example. In order to do so, Raccoon downloads a zip file containing a lot of DLLs for decrypting protected data. By using functions from nss3.dll, the malware is able to decrypt and extract the data from the SQLite databases and the JSON login file.
And so as Mozilla based applications itself. They have the capability to extract and decrypt the data itself, pretty scary.
When looking for cryptocurrency wallets, Racoon targets popular applications like Exodus, Jaxx and more. Like most stealers, Raccoon is looking for those wallet files in the default application locations, but it also has a wallet scanning feature that allows it to grab any wallet.dat file.
Now this is our main concern here, it has also the ability to scan for crypto related wallets such as wallet.dat file and other web-based and online wallets. We can only equipped as much knowledge as we can and educate ourselves so that we can't be the next victims of this cyber criminals. Do everything on your end to prevent this, I'm sure everyone here has each own security measures, but I would just like to remind everyone to be very sensitive of the sites we are visiting and this kind of attack vectors are usually started with some form of phishing.
https://www.cyberark.com/threat-research-blog/raccoon-the-story-of-a-typical-infostealer/
When 
There is a weakness somewhere in these browsers if a malware is able to do that alone. 
