
Alleged Operator of Raccoon Infostealer Extradited to U.S. Facing Prison over Financial Crimes


February 21, 2024


A Ukrainian national was extradited to the United States from the Netherlands after being indicted for crimes related to fraud, money laundering and aggravated identity theft using the Raccoon infostealer, the US Justice Department has announced.

28-year-old Mark Sokolovsky allegedly conspired to operate the Raccoon Infostealer as a malware-as-a-service (MaaS). Court documents say Sokolovsky leased access to the malware for around $200 a month, paid for in cryptocurrency, and used social engineering ruses like phishing to deploy the malware onto the computers of unsuspecting victims.

The defendant then allegedly stole personal data, including login credentials, financial information, and other personal records. He then used the stolen data to commit financial crimes or sold it on cybercrime forums, according to the indictment.

The FBI has collected data stolen from multiple computers infected with Raccoon, including more than 50 million unique credentials and forms of identification, the DOJ says.

The feds admit they have a ways to go to identify all the data stolen by Raccoon operators, so they are actively investigating the crimes committed using this malware.

Sokolovsky is charged with one count of conspiracy to commit fraud and related activity in connection with computers; one count of conspiracy to commit wire fraud; one count of conspiracy to commit money laundering; and one count of aggravated identity theft. He made his initial court appearance Feb. 9, and is held in custody pending trial, the DOJ said.

In March 2022 the FBI and law enforcement partners in Italy and the Netherlands dismantled the digital infrastructure supporting the Raccoon Infostealer, taking its then-existing version offline. The bust was concurrent with Sokolovsky’s arrest by Dutch authorities.

The FBI has created a website where anyone can input their email address to see if it’s in the US government’s repository of Raccoon Infostealer stolen data.

The confirmation email provides additional information, resources, and links. If you do not receive an email, that’s good news – meaning the address you provided does not show up in the feds’ Raccoon database. However, this doesn’t guarantee your email hasn’t been snatched by operators of Raccoon or other infostealers.

Raccoon was put to lucrative use stealing not just login credentials, but also credit card information, cryptocurrency wallets, browser cookies, and autofill data.

Bitdefender recommends that netizens keep watch for unsolicited emails or texts asking for personal identification. If in doubt, contact the sender on a different channel. For peace of mind, consider using a dedicated security solution on your personal devices.

Bitdefender Identity Theft Protection offers continuous monitoring of your identity, privacy and credit status, and alerts you when your personal or financial information is at risk. You also get loss prevention, restoration services, and insurance up to $2 million.




Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
