
Ukrainian Pleads Guilty for Role in Raccoon Stealer Malware

Mark Sokolovsky Admits to Felony Conspiracy Charge in US Federal Court

A Ukrainian national pleaded guilty Monday in U.S. federal court to one count of conspiracy to commit computer intrusion in connection to his role in the Raccoon malware-as-a-service info stealer criminal operation.


Prosecutors in 2021 indicted Mark Sokolovsky, 28, on four criminal counts for setting up the technical infrastructure used to sell the info stealer and contributing to its code. Raccoon is one of about two dozen malware-as-a-service info stealers available online, which generally get offered on a subscription basis for $200 to $300 a month.

As part of a plea agreement, Sokolovsky - known online as "raccoonstealer," "Photix," and "black21jack77777" - will also forfeit $23,975 and must pay nearly $1 million in restitution.

Dutch authorities extradited him in February after arresting him in March 2022. A joint Dutch-Italian police operation dismantled Raccoon infrastructure used at the time to filch personal data from victims' computers, including log-in credentials, financial information and session cookies, from dozens of applications (see: Ukrainian Extradited to US Over Alleged Raccoon Stealer Ties).

A digital forensic investigation conducted by the FBI identified more than 50 million unique credentials and forms of identification including email addresses, bank accounts, cryptocurrency addresses and credit card numbers stolen from victims through the Raccoon malware.

Independent journalist Brian Krebs reported European authorities arrested Sokolovsky after tracking his cell phone and the Porsche Cayenne he drove while fleeing Ukraine with a young blond woman shortly after Russia invaded the country in February 2022. His companion regularly posted travel pics on Instagram.

The infrastructure disruption had no lasting effect: only months later, researchers detected an improved version being advertised in underground forums. In August 2023, Cyberint observed an upgraded version that included an improved search engine for identifying cookies as well as anti-detection countermeasures.

First detected in 2019, Raccoon - also known as Racealer - rose into the top ranks of malware-as-a-service info stealers. Competitors include Redline, Vidar and Agent Tesla. Its distribution methods include phishing and fake installers for legitimate software, such as VPNs from F-Secure and Proton.

The FBI has a website for potential victims to investigate whether their email is in the original Raccoon database obtained by law enforcement.


About the Author

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.



