
US Indicts Ukrainian for Role in Raccoon Malware Scheme

Malware-as-a-Service Infostealer Infected Millions of Computers

A man behind the malware-as-a-service Raccoon infostealer faces extradition to the United States and the prospect of more than 20 years in prison.


Dutch authorities arrested Ukrainian national Mark Sokolovsky, 26, in March, according to a newly unsealed indictment from federal prosecutors in Texas.

Sokolovsky's arrest coincided with an international law enforcement operation that dismantled the infrastructure then supporting Raccoon. Statements posted on criminal forums shortly after the operation said the Trojan would no longer be available, suggesting the closure was somehow tied to Russia's ongoing invasion of Ukraine.

Sokolovsky's unnamed co-conspirators have since relaunched the operation with a rewritten Trojan, finds research from cybersecurity firm Sekoia.

Sokolovsky is appealing a Dutch court's September ruling permitting his extradition to the United States.

Raccoon has found popularity among online criminals since its 2019 emergence. Access to an administration panel and customer service costs users $200 in cryptocurrency a month or $75 a week. An analysis of the malware by CyberArk concluded it was "not the most sophisticated malware that's available to cyber attackers, but it proves to be quite effective." Cybercriminals could customize the configuration and snatch data from almost 60 applications.

Prosecutors say users infected victims with the remote access Trojan through phishing emails. CyberArk also spotted its spread via web exploit kits probing for vulnerable browser-based applications. French cybersecurity firm Sekoia found Raccoon spreading as supposedly cracked applications for would-be software pirates.

Millions of victims had data including personal and financial information and passwords stolen through Raccoon, prosecutors allege. FBI agents say they've identified more than 50 million unique credentials and forms of identification, such as bank accounts and cryptocurrency addresses, taken by Raccoon users. The bureau has created a website allowing anyone to check whether their email address is in the Raccoon victim database. Those who get a match will receive a confirmation email containing additional information.

Sokolovsky faces four criminal charges including conspiracy to commit wire fraud and money laundering and conspiracy to commit fraud in connection with computers. His online handles include Photix, raccoonstealer and black21jack77777.

About the Author

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.
