Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware cybercrime operation.
Sokolovsky and his conspirators distributed Raccoon Stealer under a MaaS (malware-as-a-service) model, allowing threat actors to rent it for $75 per week or $200 monthly.
The malware steals a wide range of information from infected devices, including stored browser credentials and information, cryptocurrency wallets, credit card details, email data, and other types of sensitive data from dozens of applications.
Raccoon Stealer subscribers would also receive access to an admin panel that enabled them to customize the malware, retrieve stolen data (logs), and create new malware builds.
According to the unsealed indictment, Sokolovsky (also known online as raccoon-stealer, Photix, and black21jack77777) was arrested in March 2022 in the Netherlands.
At the same time, the FBI dismantled Raccoon Infostealer’s infrastructure in a joint action with law enforcement authorities in the Netherlands and Italy, also taking the malware offline.
Around the time of Sokolovsky’s arrest, the Raccoon Stealer cybercrime gang suspended operations, claiming that one of the lead developers had been killed during the invasion of Ukraine. Since then, the operation has been relaunched two times, with new versions featuring new data theft capabilities.
After taking down the malware’s infrastructure in March 2022, the FBI collected some of the data stolen by cybercriminals using the malware and created a website that helps anyone check if their data is in the U.S. government’s archive of Raccoon Infostealer stolen information.
Those whose data was stolen will receive a confirmation email with additional information, resources, and links at the address they provided when searching the U.S. government’s Raccoon Infostealer Disclosure portal.
Sokolovsky was extradited to the United States in February 2024 after being indicted on fraud, money laundering, and aggravated identity theft charges in October 2022.
“While an exact number has yet to be verified, FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) in the stolen data from what appears to be millions of potential victims around the world,” the Department of Justice said in a press release at the time.
“The credentials appear to include over four million email addresses. The United States does not believe it is in possession of all the data stolen by Raccoon Infostealer and continues to investigate.”
As part of his plea agreement, Sokolovsky has agreed to a restitution of at least $910,844.61 and a forfeiture money judgment of $23,975.
