US Charges Ukrainian National for Alleged Involvement in Raccoon Stealer Malware Campaign

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

US authorities charged 26-year-old Ukrainian national Mark Sokolovsky for his alleged involvement in the Raccoon Stealer malware campaign.

According to the indictment, the suspect engaged in malicious activities under the nicknames raccoonstealer, black21jack77777, and Photix. Sokolovsky was placed in jail in the Netherlands after being arrested in March and is currently awaiting extradition to the United States.

The FBI also issued a press release on Tuesday that detailed the investigation leading to Sokolovsky’s indictment. The document covered some of the techniques deployed by the threat actors behind the Raccoon Stealer operation, along with the type of information that they stole throughout the campaign.

“While an exact number has yet to be verified, FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) in the stolen data from what appears to be millions of potential victims around the world,” read the FBI’s press release. “The credentials appear to include over four million email addresses.”

Additionally, the document mentioned a government-run website where potential Raccoon Stealer victims could enter their email addresses to see if they were impacted by the malware campaign. Confirmed victims would then receive a follow-up email with additional resources and the recommendation to “fill out a detailed complaint and share any financial or other harm experienced from their information being stolen.”

Raccoon Stealer is a malware-as-a-service (MaaS) operation that pushes an information-stealer trojan, and allows threat actors to rent it on a weekly or monthly basis.

In exchange for $75 a week or $200 a month, threat actors can access a command center that allows them to configure the malware, exfiltrate data from compromised systems, and generate new and customized builds.

The malware’s notoriety originates from the wide range of personal information that it can extract from infected devices, including email data, browser credentials, credit card details, and cryptocurrency wallets.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.

Leave a Comment