A Ukrainian man is facing charges in the United States for his alleged role in an international cybercrime scheme deployed to steal information from millions of people.
An indictment unsealed this month charges Mark Sokolovsky, 26, with renting out the Raccoon Infostealer program to cybercriminals who then used it to steal emails, financial data, passwords, and other personal information from more than two million people.
According to court documents, Sokolovsky was arrested in the Netherlands in March and is currently appealing to a court in Amsterdam to stop his extradition to Texas for trial.
He allegedly conspired to operate the Raccoon Infostealer as a malware-as-a-service or “MaaS.” Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month in cryptocurrency.
Prosecutors suspect that Sokolovsky began developing and then leasing out Raccoon back in 2018. Renters of the program would then use email phishing and other tricks to get people to install Raccoon on their computers.
Finally, the stolen information was used to commit financial crimes or was sold to others on cybercrime forums.
The Raccoon program's infrastructure was dismantled in March 2022 following Sokolovsky’s arrest, and its then-current version was taken offline.
The Federal Bureau of Investigations (FBI) has since identified more than 50 million unique digital credentials in the stolen data. The stolen data appears to include more than four million email addresses.
However, a second version of the malware has been circulating on online forums for criminals, and officials continue investigating in an effort to dismantle it.
The case was filed in the San Antonio-based Western District of Texas. That’s because some of the victims entangled in the scheme live in San Antonio and other cities around Texas.
The FBI has also created a website, raccoon.ic3.gov, where individuals can enter their email addresses to see if they turn up in the federal government’s repository of Racoon Infostealer-stolen data.
Last year, Cybernews cited research from the cybersecurity company Sophos which showed that Raccoon Infostealer was different from ransomware or any other more sophisticated criminal malware operations. There’s no vetting of buyers – the program can be purchased by anyone, regardless of their reputation in the criminal underworld.
More from Cybernews:
Subscribe to our newsletter