US Indicts Ukrainian for Role in Raccoon Malware SchemeMalware-as-a-Service Infostealer Infected Millions of Computers
A man behind the malware-as-a-service Raccoon infostealer faces extradition to the United States and the prospect of more than 20 years in prison.
Dutch authorities arrested Ukrainian national Mark Sokolovsky, 26, in March, shows a newly unsealed indictment from federal prosecutors in Texas.
Sokolovsky's arrest was timed with an international law enforcement operation that dismantled the infrastructure supporting Raccoon at the time. Statements posted on criminal forums shortly after the operation said the Trojan would no longer be available, suggesting the closure was somehow tied to Russia's ongoing invasion of Ukraine.
Sokolovsky's unnamed co-conspirators have since relaunched the operation with a rewritten Trojan, finds research from cybersecurity firm Sekoia.
Sokolovsky is appealing a Dutch court's September ruling permitting his extradition to the United States.
Raccoon has found popularity among online criminals since its 2019 emergence. Access to an administration panel and customer service costs users $200 in cryptocurrency a month or $75 a week. An analysis of the malware by CyberArk concluded it was "not the most sophisticated malware that's available to cyber attackers, but it proves to be quite effective." Cybercriminals could customize the configuration and snatch data from almost 60 applications.
Prosecutors say users infected victims with the remote access Trojan through phishing emails. CyberArk also spotted its spread via web exploit kits probing for vulnerable browser-based applications. French cybersecurity firm Sekoia found Raccoon spreading as supposedly cracked applications for would-be software pirates.
Millions of victims had data including personal and financial information and passwords stolen through Raccoon, prosecutor allege. FBI agents say they've identified more than 50 million unique credentials and forms of identification such as bank accounts and cryptocurrency addresses taken by Raccoon users. The bureau has created a website allowing anyone to check if their email is in the Raccoon victim database. Those who get a match will receive a confirmation email containing additional information.
Sokolovsky faces four criminal charges including conspiracy to commit wire fraud and money laundering and conspiracy to commit fraud in connection with computers. His online handles include Photix, raccoonstealer and black21jack77777.