A 26-year-old Ukrainian citizen has been indicted in the US for his alleged involvement in Raccoon Stealer, a malware-as-a-service (MaaS) operation.
Mark Sokolovsky, who was arrested by Dutch law enforcement after leaving Ukraine on March 4, 2022, is currently detained in the Netherlands awaiting extradition to the United States.
“Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month paid in cryptocurrency,” said the U.S. Department of Justice (DoJ). “These individuals used a variety of techniques, including email phishing, to install malware on unsuspecting victims’ computers.”
Sokolovsky allegedly used various online monikers such as Photix, raccoonstealer, and black21jack77777 on online cybercrime forums to promote the sale of his services.
Raccoon Stealer, one of the most prolific information stealers, is primarily distributed under the guise of cracked software and has been used by multiple cybercriminals due to its extensive functionality and the customizability offered by the malware.
Active since April 2019, the threat actor behind the operation abruptly halted work on the project in early March of this year, citing the loss of core members to a “special operation.”
Although this was interpreted as the developer’s death in the Russo-Ukrainian War, court documents indicate that Sokolovsky’s arrest and the subsequent dismantling of the malware infrastructure by Italian and Dutch authorities led to the temporary shutdown.
That said, a second version of the Raccoon Stealer written in C/C++ began circulating on underground forums as of June 2022, with its creators touting the tool’s ease of use.
“It’s so fast and simple that it’s not difficult for a child to learn how to process logs,” the cybercriminals posted in a message shared on the Telegram channel in May.
According to the U.S. Federal Bureau of Investigation (FBI), this malware is presumed to have helped steal 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) from millions of victims around the world.
The credentials allegedly consist of over 4 million email addresses, prompting the FBI to launch a website, raccoon.ic3[.]gov, that allows users to see if their email address appears in Raccoon Stealer data.
Sokolovsky has been charged with conspiracy to commit computer fraud and computer-related activities; one count of conspiracy to commit wire fraud; one count of conspiracy to commit money laundering; and one count of aggravated identity theft.
If found guilty, the defendant faces up to 20 years in prison for wire fraud and money laundering, 5 years in prison for conspiracy to commit computer fraud, and 2 years in prison for aggravated identity theft.
“This kind of malware feeds the cybercriminal ecosystem, gathering valuable information and allowing cybercriminals to steal from innocent Americans and citizens around the world,” federal prosecutor Ashley C. Hoff said.