Ukrainian Pleads Guilty for Role in Raccoon Stealer Malware
Mark Sokolovsky Admits to Felony Conspiracy Charge in US Federal Court
A Ukrainian national pleaded guilty Monday in U.S. federal court to one count of conspiracy to commit computer intrusion in connection with his role in the Raccoon malware-as-a-service info stealer criminal operation.
Prosecutors in 2021 indicted Mark Sokolovsky, 28, on four criminal counts for setting up the technical infrastructure used to sell the info stealer and contributing to its code. Raccoon is one of about two dozen malware-as-a-service info stealers available online, which generally get offered on a subscription basis for $200 to $300 a month.
As part of a plea agreement, Sokolovsky - known online as "raccoonstealer," "Photix," and "black21jack77777" - will also forfeit $23,975 and must pay nearly $1 million in restitution.
Dutch authorities extradited him in February after arresting him in March 2022. A joint Dutch-Italian police operation dismantled Raccoon infrastructure used at the time to filch personal data from victims' computers, including log-in credentials, financial information and session cookies, from dozens of applications (see: Ukrainian Extradited to US Over Alleged Raccoon Stealer Ties).
A digital forensic investigation conducted by the FBI identified more than 50 million unique credentials and forms of identification including email addresses, bank accounts, cryptocurrency addresses and credit card numbers stolen from victims through the Raccoon malware.
Independent journalist Brian Krebs reported European authorities arrested Sokolovsky after tracking his cell phone and the Porsche Cayenne he drove while fleeing Ukraine with a young blond woman shortly after Russia invaded the country in February 2022. His companion regularly posted travel pics on Instagram.
The infrastructure disruption didn't have a lasting effect, with researchers detecting only months later an improved version advertised in underground forums. Cyberint in August 2023 observed an upgraded version that included an improved search engine for identifying cookies and anti-detection countermeasures.
First detected in 2019, Raccoon - also known as Racealer - emerged into the top ranks of malware-as-a-service info stealers. Competitors include Redline, Vidar and Agent Tesla. Its methods of distribution include phishing and fake installers for legitimate software, such as VPNs from F-Secure and Proton.
The FBI has a website for potential victims to investigate whether their email is in the original Raccoon database obtained by law enforcement.