A 26-year-old Ukrainian national has been indicted in the United States for his alleged role in the Raccoon Stealer operation, an information-stealing malware offered under a malware-as-a-service (MaaS) model and known for the volume of credentials it has harvested.
Mark Sokolovsky was taken into custody by Dutch authorities shortly after departing Ukraine on March 4, 2022, driving a Porsche Cayenne. He is currently detained in the Netherlands, awaiting extradition to the U.S.
The U.S. Department of Justice (DoJ) said that customers who wanted to use Raccoon Stealer to steal sensitive data paid roughly $200 a month for access to the malware, with payments made in cryptocurrency. Those customers then used a range of techniques, including email phishing campaigns, to deploy the malware on victims' systems without their knowledge.
Sokolovsky reportedly marketed the service on cybercrime forums under several pseudonyms, including Photix and raccoonstealer. The malware itself is typically distributed disguised as cracked or otherwise tampered-with software, and it has grown into one of the most widely used information stealers, favored by many criminal groups for its broad feature set and its high degree of customizability.
Raccoon Stealer first appeared in April 2019. Earlier this year its operators announced that they were suspending the service, claiming a key developer had been lost in the fighting following Russia's invasion of Ukraine. Court documents tell a different story: it was Sokolovsky's arrest, together with a coordinated takedown of the service's infrastructure by Dutch and Italian police, that actually dismantled Raccoon Stealer.
The disruption did not last. A new version of Raccoon Stealer, rewritten in C/C++, has been advertised on underground forums since June 2022. Its developers promote it as easy to use, pitching the tool's accessibility to buyers with little experience in cybercrime.
According to the FBI, Raccoon Stealer has been used to steal roughly 50 million unique credentials and forms of identification from millions of victims worldwide, including email addresses, bank account details, and cryptocurrency account information. The FBI has set up a website, raccoon.ic3.gov, where users can check whether their email address appears in the recovered Raccoon Stealer data.
Sokolovsky is charged with conspiracy to commit computer fraud and related activity in connection with computers, conspiracy to commit wire fraud, conspiracy to commit money laundering, and aggravated identity theft. If convicted, he faces up to 20 years in prison on each of the wire fraud and money laundering counts, up to five years on the computer fraud conspiracy count, and a mandatory consecutive two-year term for aggravated identity theft.
“The proliferation of malware like Raccoon Stealer underpins the cybercrime ecosystem, allowing criminals to harvest valuable information and target innocent individuals across the globe,” said U.S. Attorney Ashley C. Hoff for the Western District of Texas.